Академический Документы
Профессиональный Документы
Культура Документы
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000525-01
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
Contents
Supported Operating Systems for View Agent 15 Supported Operating Systems for View Client and View Client with Local Mode Hardware Requirements for Local Mode Desktops 16 Client Browser Requirements for View Portal 18 Remote Display Protocol and Software Support 18 Adobe Flash Requirements 21 Smart Card Authentication Requirements 21
16
Configuring Domains and Trust Relationships 23 Creating an OU for View Desktops 24 Creating OUs and Groups for Kiosk Mode Client Accounts 24 Creating Groups for View Users 24 Creating a User Account for vCenter Server 24 Create a User Account for View Composer 25 Configure the Restricted Groups Policy 25 Using View Group Policy Administrative Template Files 26 Prepare Active Directory for Smart Card Authentication 26
Prepare a View Composer Database 29 Install the View Composer Service 36 Configuring Your Infrastructure for View Composer 38
Installing the View Connection Server Software 39 Configuring User Accounts for vCenter Server and View Composer 53 Configuring View Connection Server for the First Time 56 Configuring View Client Connections 60 Sizing Windows Server Settings to Support Your Deployment 63
VMware, Inc.
Install View Transfer Server 71 Add View Transfer Server to View Manager 73 Configure the Transfer Server Repository 74 Firewall Rules for View Transfer Server 75 Installing View Transfer Server Silently 75
Replacing the Default Certificate 79 Add keytool and openssl to the System Path 80 Use an Existing PKCS#12 Certificate and Private Key 80 Convert a PKCS#12 Keystore to JKS Format 82 Creating a New SSL Certificate 82 Configure a View Connection Server Instance or Security Server to Use a New Certificate 85 Configure a View Transfer Server Instance to Use a New Certificate 86 Configure SSL for Client Connections 87 Configure SSL for View Transfer Server Communications 88 Using Group Policy to Configure Certificate Checking in View Client 88
Add a Database and Database User for View Events 89 Prepare an SQL Server Database for Event Reporting 90 Configure the Event Database 90
Install the Windows-Based View Client or View Client with Local Mode 93 Start the Windows-Based View Client or View Client with Local Mode 94 Install View Client by Using View Portal 96 Install View Client on Mac OS X 97 Start View Client on Mac OS X 98 Set Printing Preferences for the Virtual Printer Feature on Windows Clients 100 Using USB Printers 101 Installing View Client Silently 101
Index 105
VMware, Inc.
VMWare View Installation explains how to install the VMware View server and client components.
Intended Audience
This information is intended for anyone who wants to install VMware View. The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.
VMware, Inc.
VMware, Inc.
Hosts that run VMware View server components must meet specific hardware and software requirements. This chapter includes the following topics:
n n n n
View Connection Server Requirements, on page 7 View Administrator Requirements, on page 9 View Composer Requirements, on page 9 View Transfer Server Requirements, on page 12
Hardware Requirements for View Connection Server on page 7 You must install View Connection Server on a 32-bit or 64-bit dedicated physical or virtual machine that meets specific hardware requirements.
Supported Operating Systems for View Connection Server on page 8 You must install View Connection Server on a supported operating system. Virtualization Software Requirements for View Connection Server on page 9 View Connection Server requires VMware virtualization software to function properly. Network Requirements for Replicated View Connection Server Instances on page 9 If you install replicated View Connection Server instances, configure the instances in the same location and connect them over a high-performance LAN.
VMware, Inc.
These requirements also apply to replica and security server View Connection Server instances that you install for high availability or external access. IMPORTANT The physical or virtual machine that hosts View Connection Server must use a static IP address.
IMPORTANT If you use a Windows Server 2003 operating system, enable Physical Address Extension (PAE). See the Microsoft KB article at http://support.microsoft.com/kb/283037.
VMware, Inc.
If you are using vSphere, you must have vSphere 4.0 Update 2 or later or vSphere 4.1 or later. If you are using VMware Infrastructure, you must have VMware Infrastructure 3.5 Update 5 and VirtualCenter Server 2.5 Update 6. Both ESX and ESXi hosts are supported.
To use View Administrator with your Web browser, you must install Adobe Flash Player 10. Your client system must have access to the internet to allow Adobe Flash Player to be installed. To display text properly, View Administrator requires Microsoft-specific fonts. If your Web browser runs on a non-Windows operating system such as Linux, UNIX, or Mac OS, make sure that Microsoft-specific fonts are installed on your computer. Currently, the Microsoft Web site does not distribute Microsoft fonts, but you can download them from independent Web sites.
Supported Operating Systems for View Composer on page 10 View Composer supports 64-bit and 32-bit operating systems with specific requirements and limitations. You must install View Composer on the same physical computer or virtual machine as vCenter Server.
VMware, Inc.
Database Requirements for View Composer on page 10 View Composer requires an SQL database to store data. The View Composer database must reside on, or be available to, the vCenter Server computer.
Virtualization Software Requirements for View Composer Features on page 11 You must create linked-clone virtual machines on hosts that run ESX/ESXi 4 or later, and you must configure linked-clone pools in vSphere mode, to take advantage of several View Composer and vSphere features.
10
VMware, Inc.
View Composer supports a subset of the database servers that vCenter Server supports. If you are already using vCenter Server with a database server that is not supported by View Composer, continue to use that database server for vCenter Server and install a separate database server to use for View Composer and View Manager database events. IMPORTANT If you create the View Composer database on the same SQL Server instance as vCenter Server, do not overwrite the vCenter Server database. Table 1-5 lists the supported database servers and versions. For a complete list of database versions supported with vCenter Server, see the VMware vSphere Compatibility Matrixes on the VMware vSphere documentation Web site. Table 1-5. Supported Database Servers for View Composer
Database Microsoft SQL Server 2000 SP4 Standard Microsoft SQL Server 2005 Express Microsoft SQL Server 2005 SP3 Standard and Enterprise Microsoft SQL Server 2008 SP1 Standard and Enterprise Microsoft SQL Server 2008 SP1 Standard and Enterprise 64-bit Oracle 9i Release 2 Oracle 10g Release 2 Oracle 11g Release 1 vCenter Server 4.1 and later No vCenter Server 4.0 U2 and later No VC Server 2.5 U6 Yes
Yes Yes
Yes Yes
Yes Yes
Yes
Yes
No
Yes
Yes
No
No Yes Yes
No Yes Yes
Yes No No
Storing linked-clone virtual machines on local datastores Redirecting disposable data to separate, non-persistent disks Storing replicas and linked clones on separate datastores Creating pools from a parent virtual-machine snapshot that uses hardware version 7 Using Sysprep customization specifications for linked-clone virtual machines. In addition, Sysprep is supported for linked clones only on vSphere 4.1 software. You cannot use Sysprep on vSphere 4.0 or VMware Infrastructure 3.5 software.
VMware, Inc.
11
Installation Requirements for View Transfer Server on page 12 You must install View Transfer Server as a Windows application in a virtual machine that meets specific requirements.
Supported Operating Systems for View Transfer Server on page 13 You must install View Transfer Server on a supported operating system with the required amount of RAM.
Storage Requirements for View Transfer Server on page 13 View Transfer Server transfers static content to and from the Transfer Server repository and dynamic content between local desktops and remote desktops in the datacenter. View Transfer Server has specific storage requirements.
It must be managed by the same vCenter Server instance as the local desktops that it will manage. It does not have to be part of a domain. It must use a static IP address.
CAUTION You must configure the virtual machine that hosts View Transfer Server with an LSI Logic Parallel SCSI controller. You cannot use a SAS or VMware paravirtual controller. On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system. The View Transfer Server software cannot coexist on the same virtual machine with any other View Manager software component, including View Connection Server. You can install multiple View Transfer Server instances for high availability and scalability.
12
VMware, Inc.
IMPORTANT Configure two virtual CPUs for virtual machines that host View Transfer Server.
The disk drive on which you configure the Transfer Server repository must have enough space to store your static image files. Image files are View Composer base images. View Transfer Server must have access to the datastores that store the desktop disks to be transferred. The datastores must be accessible from the ESX host where the View Transfer Server virtual machine is running. The recommended maximum number of concurrent disk transfers that View Transfer Server can support is 20. During a transfer operation, a local desktop's virtual disk is mounted on View Transfer Server. The View Transfer Server virtual machine has four SCSI controllers. This configuration allows multiple disks to be attached to the virtual machine at one time.
Because local desktops can contain sensitive user data, make sure data is encrypted during its transit over the network. In View Administrator, you can configure data-transfer security options on each View Connection Server instance. To configure these options in View Administrator, click View Configuration > Servers, select a View Connection Server instance, and click Edit.
When View Transfer Server is added to View Manager, its Distributed Resource Scheduler (DRS) automation policy is set to Manual, which effectively disables DRS. To migrate a View Transfer Server instance to another ESX host or datastore, you must place the instance in maintenance mode before you begin the migration. When View Transfer Server is removed from View Manager, the DRS automation policy is reset to the value it had before View Transfer Server was added to View Manager.
VMware, Inc.
13
14
VMware, Inc.
Systems running View client components must meet certain hardware and software requirements. View Client on Windows systems uses Microsoft Internet Explorer Internet settings, including proxy settings, when connecting to View Connection Server. Ensure that your Internet Explorer settings are accurate and that you can access the View Connection Server URL through Internet Explorer. You can use Internet Explorer 7 and 8. This chapter includes the following topics:
n n n n n n n
Supported Operating Systems for View Agent, on page 15 Supported Operating Systems for View Client and View Client with Local Mode, on page 16 Hardware Requirements for Local Mode Desktops, on page 16 Client Browser Requirements for View Portal, on page 18 Remote Display Protocol and Software Support, on page 18 Adobe Flash Requirements, on page 21 Smart Card Authentication Requirements, on page 21
VMware, Inc.
15
IMPORTANT If you use Windows 7 in a virtual machine, the host must be ESX/ESXi 4.0 Update 2 or later or ESX/ESXi 4.1 or later.
Supported Operating Systems for View Client and View Client with Local Mode
Users run View Client to connect to their View desktops. You must install View Client or View Client with Local Mode on a supported operating system. Table 2-2 lists the operating systems supported for View Client. Table 2-2. View Client Operating System Support
Operating System Windows 7 Windows XP Windows Vista Mac OS X Leopard 10.5 Mac OS X Snow Leopard 10.6 Version 32-bit and 64-bit 32-bit 32-bit N/A N/A Edition Home, Enterprise, Professional, and Ultimate Home and Professional Home, Business, Enterprise, and Ultimate N/A N/A Service Pack N/A SP3 SP1 and SP2 N/A N/A
IMPORTANT View Client with Local Mode is supported only on Windows systems and only on physical computers. In addition, to use this feature, your VMware license must include View Client with Local Mode. View Client with Local Mode is the fully supported feature that in earlier releases was an experimental feature called View Client with Offline Desktop. A Windows 7 or Windows Vista View desktop that is created on an ESX/ESXi 3.5 host cannot produce 3D and Windows Aero effects. This limitation applies even when the desktop is checked out for local use on a Windows 7 or Windows Vista client computer. Windows Aero and 3D effects are available only if the View desktop is created using vSphere 4.x. NOTE VMware partners offer thin client devices for VMware View deployments. The features and Linux operating systems that are available for each thin client device are determined by the vendor and model and the configuration that an enterprise chooses to use. For information about the vendors and models for thin client devices, see the Thin Client Compatibility Guide, available on the VMware Web site.
PC Hardware
Table 2-3 describes the hardware requirements for various View desktop operating systems.
16
VMware, Inc.
Intel processors
AMD processors
Disk Space
If you use a default setup for the operating system in the View desktop, the actual disk space needs are approximately the same as those for installing and running the operating system and applications on a physical computer. For example, Microsoft recommends 16GB of hard disk space for a machine that runs a 32-bit Windows 7 operating system. If you configure a 16GB virtual hard disk for a 32-bit Windows 7 virtual machine, only the amount of disk space actually used is downloaded when you check out the local desktop. For a desktop that is allocated 16GB, the actual download size might be 7GB. After the desktop is downloaded, the amount of disk space used can grow to 16GB if you configured a 16GB hard disk. Because a snapshot is taken during replication, an additional equivalent amount of disk space is required. For example, if 7GB of disk space is currently being used for the local desktop, the snapshot consumes an additional 7GB on the client computer. IDE and SCSI hard drives are supported.
Memory
You need enough memory to run the host operating system on the client computer, plus the memory required for the View desktop's operating system and for applications on the client computer and the View desktop. VMware recommends that you have 2GB and above for Windows XP and Windows Vista, and 3GB and above for Windows 7. For more information on memory requirements, see your guest operating system and application documentation. The total amount of memory you can assign to all virtual machines running on a single computer is limited only by the amount of RAM on the computer. The maximum amount of memory for each View desktop on 32-bit client computers is 8GB and on 64-bit computers it is 32GB.
VMware, Inc.
17
Display
A 32-bit display adapter is recommended. 3D benchmarks, such as 3DMark '06, might not render correctly or at all when running Windows Vista or Windows 7 virtual machines on some graphics hardware. To play video at 720p or higher requires a multiprocessor system. For CPU and GPU requirements to support Windows 7 Aero, see the table in PC Hardware, on page 16.
If you use Internet Explorer and you already have View Client installed, if the version available from View Connection Server is newer than that installed on the client device, you can choose to upgrade. If the version is the same as that on the client device, View Portal starts the View Client installed on the local system. NOTE View Portal does not support Linux. A native client for Linux is available only through certified VMware partners.
VMware View with PCoIP on page 19 PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment, including applications, images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
Microsoft RDP on page 20 Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data. RDP is a multichannel protocol that allows a user to connect to a computer remotely.
HP RGS Software on page 20 View Client supports connections to desktops using HP RGS when connecting to HP Blade PCs, HP Workstations, and HP Blade Workstations. VMware does not bundle or license HP RGS with View. You must contact HP to license a copy of HP RGS version 5.2.5 to use with View.
Multimedia Redirection (MMR) on page 21 Multimedia redirection (MMR) delivers the multimedia stream directly to client computers by using a virtual channel.
18
VMware, Inc.
PCoIP Features
Key features of PCoIP include the following:
n
For users outside the corporate firewall, you can use this protocol with your company's virtual private network or with View security servers. Connections to Windows desktops with the View Agent operating system versions listed in Supported Operating Systems for View Agent, on page 15 are supported. Connections from Windows clients with the View Client operating system versions listed in Supported Operating Systems for View Client and View Client with Local Mode, on page 16 are supported. MMR redirection is supported for Windows XP and Vista clients. MMR redirection is not supported for Windows 7 View Clients and is not supported on Windows 7 View desktops. USB redirection is supported. Audio redirection with dynamic audio quality adjustment for LAN and WAN is supported. Multiple monitors are supported. You can use up to four monitors and adjust the resolution for each monitor separately, with a resolution of up to 2560x1600 per display. Pivot display and autofit are also supported. 32-bit color is supported for virtual displays. ClearType fonts are supported. Text copy and paste between the local system and the desktop is supported, up to 64 kilobytes. You cannot copy and paste system objects such as folders and files between systems.
n n n
n n n
Video Quality
480p-formatted video You can play video at 480p or lower at native resolutions when the View desktop has a single virtual CPU. If the operating system is Windows 7 and you want to play the video in high-definition Flash or in full screen mode, the desktop requires a dual virtual CPU. You can play video at 720p at native resolutions if the View desktop has a dual virtual CPU. Performance might be affected if you play videos at 720p in high definition or in full screen mode. If the View desktop has a dual virtual CPU, you can play 1080p formatted video, although the media player might need to be adjusted to a smaller window size.
720p-formatted video
1080p-formatted video
VMware, Inc.
19
For Windows XP desktops: 768MB RAM or more and a single CPU For Windows 7 desktops: 1GB of RAM and a dual CPU
800MHz or higher processor speed. x86-based processor with SSE2 extensions. See the VMware View Architecture Planning document for information about RAM sizing for specific monitor configurations.
Microsoft RDP
Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data. RDP is a multichannel protocol that allows a user to connect to a computer remotely. Following are RDP-related requirements and considerations for different Windows operating systems and features.
n n n n n
For Windows XP and Windows XP Embedded systems, you should use Microsoft RDC 6.x. Windows Vista comes with RDC 6.x installed. Windows 2000 supports RDC 5.0. It does not support RDC 6.x. You must have RDC 6.0 or later to use multiple monitors. For Windows XP desktop virtual machines, you must install the RDP patches listed in Microsoft Knowledge Base (KB) articles 323497 and 884020. If you do not install the RDP patches, a Windows Sockets failed error message might appear on the client. The View Agent installer configures the local firewall rule for inbound RDP connections to match the current RDP port of the host operating system, which is typically 3389. If you change the RDP port number, you must change the associated firewall rules.
You can download RDC 6.1 from the Microsoft Web site.
HP RGS Software
View Client supports connections to desktops using HP RGS when connecting to HP Blade PCs, HP Workstations, and HP Blade Workstations. VMware does not bundle or license HP RGS with View. You must contact HP to license a copy of HP RGS version 5.2.5 to use with View. HP RGS consists of a server-side component, called RGS Sender, and a client-side component, the RGS Receiver. Before you can configure View to use HP RGS, you must install HP RGS Sender in the remote desktop operating system and install HP RGS Receiver in the desktop. Do not install RGS USB on either the sender or receiver. You must add the RGS Sender application or port as an exception to any firewall software. The default RGS port is 42966. See the HP RGS documentation on the HP Web site for information on installing and configuring HP RGS components.
20
VMware, Inc.
Connections to virtual machines are not supported. Vista desktops are not supported. Tunnel connections are not supported. Only direct connections are supported. Smart cards are not supported. Multiple monitors are not supported. View Portal does not support RGS connections. Linux thin clients do not support RGS connections.
The MMR feature supports the media file formats that the client system supports, since local decoders must exist on the client. File formats include MPEG2, WMV, AVI, and WAV, among others. For best quality, use Windows Media Player 10 or later, and install it on both the local computer, or client access device, and the View desktop. You must add the MMR port as an exception to your firewall software. The default port for MMR is 9427. NOTE The View Client video display hardware must have overlay support for MMR to work correctly.
View Client A Windows-compatible smart card reader Smart card middleware Product-specific application drivers
You must also install product-specific application drivers on the View desktops.
VMware, Inc.
21
View supports smart cards and smart card readers that use a PKCS#11 or Microsoft CryptoAPI provider. You can optionally install the ActivIdentity ActivClient software suite, which provides tools for interacting with smart cards. Users that authenticate with smart cards must have a smart card or USB smart card token, and each smart card must contain a user certificate. To install certificates on a smart card, you must set up a computer to act as an enrollment station. This computer must have the authority to issue smart cards for users, and it must be a member of the domain you are issuing certificates for. IMPORTANT When you enroll a smart card, you can choose the key size of the resulting certificate. To use smart cards with local desktops, you must select a 1024-bit or 2048-bit key size during smart card enrollment. Certificates with 512-bit keys are not supported. The Microsoft TechNet Web site includes detailed information on planning and implementing smart card authentication for Windows systems. See Prepare Active Directory for Smart Card Authentication, on page 26 for information on tasks you might need to perform in Active Directory when you implement smart card authentication with View. Smart card authentication is not supported by View Client for Mac or View Administrator. See the VMware View Architecture Planning document for complete information on smart card support.
22
VMware, Inc.
View uses your existing Microsoft Active Directory infrastructure for user authentication and management. You must perform certain tasks to prepare Active Directory for use with View. View supports the following versions of Active Directory:
n n n
Windows 2000 Active Directory Windows 2003 Active Directory Windows 2008 Active Directory
Configuring Domains and Trust Relationships, on page 23 Creating an OU for View Desktops, on page 24 Creating OUs and Groups for Kiosk Mode Client Accounts, on page 24 Creating Groups for View Users, on page 24 Creating a User Account for vCenter Server, on page 24 Create a User Account for View Composer, on page 25 Configure the Restricted Groups Policy, on page 25 Using View Group Policy Administrative Template Files, on page 26 Prepare Active Directory for Smart Card Authentication, on page 26
VMware, Inc.
23
24
VMware, Inc.
You must give the user account privileges to perform certain operations in vCenter Server. If you use View Composer, you must give the user account additional privileges. See Configuring User Accounts for vCenter Server and View Composer, on page 53 for information on configuring these privileges.
List Contents Read All Properties Write All Properties Read Permissions Create Computer Objects Delete Computer Objects
Make sure that the user account's permissions apply to the Active Directory container and to all child objects of the container.
What to do next Specify the account in View Administrator when you configure View Composer for vCenter Server and when you configure and deploy linked-clone desktop pools.
VMware, Inc.
25
Procedure 1 2 3 4 5 6 7 8 On your Active Directory server, select Start > Administrative Tools > Active Directory Users and Computers. Right-click your domain and select Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in. Right-click Default Domain Policy and click Edit. Expand the Computer Configuration section and open Windows Settings\Security Settings. Right-click Restricted Groups, select Add Group, and add the Remote Desktop Users group. Right-click the new restricted Remote Desktop Users group and add your View desktop users group to the group membership list. Click OK to save your changes.
During View Connection Server installation, the View ADM template files are installed in the
Connection Server host. You must copy these files to a directory on your Active Directory server. You can optimize and secure View desktops by adding the policy settings in these files to a new or existing GPO in Active Directory and then linking that GPO to the OU that contains your View desktops. See the VMware View Administration document for information on using View group policy settings.
Add UPNs for Smart Card Users on page 27 Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN.
Add the Root Certificate to Trusted Root Certification Authorities on page 27 If you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add the root certificate to the Trusted Root Certification Authorities group policy in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.
Add an Intermediate Certificate to Intermediate Certification Authorities on page 28 If you use an intermediate certification authority (CA) to issue smart card login or domain controller certificates, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory.
Add the Root Certificate to the Enterprise NTAuth Store on page 28 If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.
26
VMware, Inc.
Obtain the SAN contained in the root certificate of the trusted CA by viewing the certificate properties. If the ADSI Edit utility is not present on your Active Directory server, download the Windows Support Tools from the Microsoft Web site.
Procedure 1 2 3 4 5 On your Active Directory server, start the ADSI Edit utility. In the left pane, expand the domain the user is located in and double-click CN=Users. In the right pane, right-click the user and then click Properties. Double-click the userPrincipalName attribute and type the SAN value of the trusted CA certificate. Click OK to save the attribute setting.
All of the systems in the domain now have a copy of the root certificate in their trusted root store.
VMware, Inc.
27
What to do next If an intermediate certification authority (CA) issues your smart card login or domain controller certificates, add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. See Add an Intermediate Certificate to Intermediate Certification Authorities, on page 28.
All of the systems in the domain now have a copy of the intermediate certificate in their intermediate certification authority store.
On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store. For example: certutil -dspublish -f path_to_root_CA_cert NTAuthCA
28
VMware, Inc.
To use View Composer, you create a View Composer database, install the View Composer service on the vCenter Server computer, and optimize your View infrastructure to support View Composer. View Composer is an optional feature. Install View Composer if you intend to deploy linked-clone desktop pools. You must have a license to install and use the View Composer feature. This chapter includes the following topics:
n n n
Prepare a View Composer Database, on page 29 Install the View Composer Service, on page 36 Configuring Your Infrastructure for View Composer, on page 38
vCenter Server connections Active Directory connections Linked-clone desktops that are deployed by View Composer Replicas that are created by View Composer
Each instance of the View Composer service must have its own View Composer database. Multiple View Composer services cannot share a View Composer database. For a list of supported database versions, see Database Requirements for View Composer, on page 10. To add a View Composer database to an installed database instance, choose one of these procedures.
VMware, Inc.
29
Create a SQL Server Database for View Composer on page 30 View Composer can store linked-clone desktop information in a SQL Server database. You create a View Composer database by adding it to SQL Server and configuring an ODBC data source for it.
Create an Oracle Database for View Composer on page 32 View Composer can store linked-clone desktop information in an Oracle 11g, 10g, or 9i database. You create a View Composer database by adding it to an existing Oracle instance and configuring an ODBC data source for it. You can add a new View Composer database by using the Oracle Database Configuration Assistant or by running a SQL statement.
Verify that a supported version of SQL Server is installed on the vCenter Server computer or in your network environment. For details, see Database Requirements for View Composer, on page 10. Verify that you use SQL Server Management Studio or SQL Server Management Studio Express to create and administer the data source. You can download and install SQL Server Management Studio Express from the following Web site. http://www.microsoft.com/downloadS/details.aspx? familyid=C243A5AE-4BD1-4E3D-94B8-5A0F62BF7796
Procedure 1 2 3 4 On the vCenter Server computer, select Start > All Programs > Microsoft SQL Server 2008 or Microsoft SQL Server 2005. Select SQL Server Management Studio Express and connect to the existing SQL Server instance for vSphere Management. In the Object Explorer panel, right-click the Databases entry and select New Database. In the New Database dialog box, type a name in the Database name text box. For example: viewComposer 5 Click OK. SQL Server Management Studio Express adds your database to the Databases entry in the Object Explorer panel. 6 Exit Microsoft SQL Server Management Studio Express.
What to do next Follow the instructions in Add an ODBC Data Source to SQL Server, on page 31.
30
VMware, Inc.
9 10
Click Next. Select the Change the default database to check box and select the name of the View Composer database from the list. For example: ViewComposer
11
Finish and close the Microsoft ODBC Data Source Administrator wizard.
What to do next Install the new View Composer service on the vCenter Server computer. See Install the View Composer Service, on page 36.
VMware, Inc.
31
Add a View Composer Database to Oracle 11g or 10g on page 32 You can use the Oracle Database Configuration Assistant to add a new View Composer database to an existing Oracle 11g or 10g instance.
Add a View Composer Database to Oracle 9i on page 33 You can use the Oracle Database Configuration Assistant to add a new View Composer database to an existing Oracle 9i instance.
Use a SQL Statement to Add a View Composer Database to an Oracle Instance on page 34 The View Composer database must have certain table spaces and privileges. You can use a SQL statement to create the View Composer database in an Oracle 11g, 10g, or 9i database instance.
Configure an Oracle Database User for View Composer on page 34 By default, the database user that runs the View Composer database has Oracle system administrator permissions. To restrict the security permissions for the user that runs the View Composer database, you must configure an Oracle database user with specific permissions.
Add an ODBC Data Source to Oracle 11g or 10g on page 35 After you add a View Composer database to an Oracle 11g or 10g instance, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service.
Add an ODBC Data Source to Oracle 9i on page 36 After you add a View Composer database to an Oracle 9i instance, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service.
2 3
On the Operations page, select Create a database. On the Database Templates page, select the General Purpose or Transaction Processing template.
32
VMware, Inc.
On the Database Identification page, type a Global Database Name and an Oracle System Identifier (SID) prefix. For simplicity, use the same value for both items.
5 6 7 8 9
On the Management Options page, click Next to accept the default settings. On the Database Credentials page, select Use the Same Administrative Passwords for All Accounts and type a password. On the remaining configuration pages, click Next to accept the default settings. On the Creation Options page, verify that Create Database is selected and click Finish. On the Confirmation page, review the options and click OK. The configuration tool creates the database.
10
What to do next Follow the instructions in Add an ODBC Data Source to Oracle 11g or 10g, on page 35.
VMware, Inc.
33
In this example, VCMP is the sample name of the View Composer database and vcmp01.dbf is the name of the database file. For a Windows installation, use Windows conventions in the directory path to the vcmp01.dbf file. What to do next If you want to run the View Composer database with specific security permissions, follow the instructions in Configure an Oracle Database User for View Composer, on page 34. For Oracle 11g or 10g, follow the instructions in Add an ODBC Data Source to Oracle 11g or 10g, on page 35 For Oracle 9i, follow the instructions in Add an ODBC Data Source to Oracle 9i, on page 36
34
VMware, Inc.
Procedure 1 2 Log in to a SQL*Plus session with the system account. Run the following SQL command to create a View Composer database user with the correct permissions.
CREATE USER "VCMPADMIN" PROFILE "DEFAULT" IDENTIFIED BY "oracle" DEFAULT TABLESPACE "VCMP" ACCOUNT UNLOCK; grant connect to VCMPADMIN; grant resource to VCMPADMIN; grant create view to VCMPADMIN; grant create sequence to VCMPADMIN; grant create table to VCMPADMIN; grant create materialized view to VCMPADMIN; grant execute on dbms_lock to VCMPADMIN; grant execute on dbms_job to VCMPADMIN; grant unlimited tablespace to VCMPADMIN;
In this example, the user name is VCMPADMIN and the View Composer database name is VCMP. By default the resource role has the create procedure, create table, and create sequence privileges assigned. If the resource role does not have these privileges, explicitly grant them to the View Composer database user.
VMware, Inc.
35
What to do next Install the new View Composer service on the vCenter Server computer. See Install the View Composer Service, on page 36.
What to do next Install the new View Composer service on the vCenter Server computer. See Install the View Composer Service, on page 36.
Verify that your installation satisfies the View Composer requirements described in View Composer Requirements, on page 9. Verify that you have a license to install and use View Composer. In vCenter Server, create a resource pool on the ESX host or cluster on which you want to store linkedclone desktops.
n n
36
VMware, Inc.
If Windows firewall is running on the vCenter Server computer, make sure that the port the View Composer service uses to communicate with View Connection Server is accessible. You can add this port to the exception list or deactivate the local firewall service. You specify this port when you install the View Composer service. Verify that you have the DSN, domain administrator user name, and password that you provided in the ODBC Data Source Administrator wizard. You enter this information when you install the View Composer service.
Procedure 1 Download the VMware View Composer installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer on which vCenter Server is installed. The installer filename is VMware-viewcomposer-xxxxxx.exe, where xxxxxx is the build number. This installer file installs the View Composer service on 64-bit and 32-bit Windows Server operating systems. 2 To start the View Composer installation program, double-click the installer file. On Windows Server 2008 computers, you might have to right-click the installer file and select Run As Administrator. 3 4 5 Accept the VMware license terms. Accept or change the destination folder. Type the DSN for the View Composer database that you provided in the Microsoft or Oracle ODBC Data Source Administrator wizard. For example: VMware View Composer NOTE If you did not configure a DSN for the View Composer database, click ODBC DSN Setup to configure a name now. 6 Type the domain administrator user name and password that you provided in the ODBC Data Source Administrator wizard. If you configured an Oracle database user with specific security permissions, specify this user name. 7 Type a port number or accept the default value. View Connection Server uses this port to communicate with the View Composer service. 8 Provide an SSL certificate.
Option Create default SSL certificate Use an existing SSL certificate Action Click this radio button to create a default SSL certificate for the View Composer service. Click this radio button if you have an SSL certificate you want to use for the View Composer service. Select an SSL certificate from the list.
Click Install and Finish to complete the View Composer service installation.
The VMware View Composer service starts on the vCenter Server computer.
VMware, Inc.
37
After you create the path and folder information for linked-clone virtual machines, do not change the information in vCenter Server. Instead, use View Administrator to change the folder information. If you change this information in vCenter Server, View Manager cannot successfully look up the virtual machines in vCenter Server.
Make sure that the vSwitch settings on the ESX host are configured with enough ports to support the total number of virtual NICs that are configured on the linked-clone virtual machines that run on the ESX host. When you deploy linked-clone desktops in a resource pool, make sure that your vSphere environment has enough CPU and memory to host the number of desktops that you require. Use vSphere Client to monitor CPU and memory usage in resource pools. A cluster that is used for View Composer linked clones can contain at most eight ESX hosts. In a large View Composer environment, you might have to configure many eight-host clusters. Use vSphere DRS. DRS efficiently distributes linked-clone virtual machines among your hosts. NOTE Storage vMotion is not supported for linked-clone desktops.
38
VMware, Inc.
To use View Connection Server, you install the software on supported computers, configure the required components, and, optionally, optimize the components. This chapter includes the following topics:
n n n n n
Installing the View Connection Server Software, on page 39 Configuring User Accounts for vCenter Server and View Composer, on page 53 Configuring View Connection Server for the First Time, on page 56 Configuring View Client Connections, on page 60 Sizing Windows Server Settings to Support Your Deployment, on page 63
View Manager View Manager with View Composer and Local Mode
VMware, Inc.
39
You must join the View Connection Server host to an Active Directory domain. View Connection Server supports the following versions of Active Directory:
n n n
Windows 2000 Active Directory Windows 2003 Active Directory Windows 2008 Active Directory
The View Connection Server host must not be a domain controller. NOTE View Connection Server does not make, nor does it require, any schema or configuration updates to Active Directory. Do not install View Connection Server on systems that have the Windows Terminal Server role installed. You must remove the Windows Terminal Server role from any system on which you install View Connection Server. Do not install View Connection Server on a system that performs any other functions or roles. For example, do not use the same system to host vCenter Server. The system on which you install View Connection Server must have a static IP address. To install View Connection Server, you must use a domain user account with administrator privileges on the system.
Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you install View Connection Server. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See Firewall Rules for View Connection Server, on page 43.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 To start the View Connection Server installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder.
40
VMware, Inc.
5 6 7
Select the View Standard Server installation option. Accept the Microsoft Software Supplemental License Agreement for Microsoft Active Directory Application Mode (ADAM). If you install View Connection Server on Windows Server 2008, choose how to configure the Windows Firewall service.
Option Configure Windows Firewall automatically Do not configure Windows Firewall Action Let the installer configure Windows Firewall to allow the required network connections. Configure the Windows firewall rules manually.
If you install View Connection Server on Windows Server 2003, you must configure the required Windows firewall rules manually. 8 Complete the installation wizard to finish installing View Connection Server.
The VMware View services are installed on the Windows Server computer:
n n n n n n n n
VMware View Connection Server VMware View Framework Component VMware View Message Bus Component VMware View Script Host VMware View Security Gateway Component VMware View PCoIP Secure Gateway VMware View Web Component VMware VDMDS, which provides View LDAP directory services
For information about these services, see the VMware View Administration document. What to do next Perform initial configuration on View Connection Server. If you plan to include replicated View Connection Server instances and security servers in your deployment, you must install each server instance by running the View Connection Server installer file. If you are reinstalling View Connection Server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you install View Connection Server. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39.
VMware, Inc.
41
Verify that the Windows computer on which you install View Connection Server has version 2.0 or later of the MSI runtime engine. For details, see the Microsoft Web site. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with a standard installation of View Connection Server. See Silent Installation Properties for a View Connection Server Standard Installation, on page 42.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=1" The VMware View services are installed on the Windows Server computer. For details, see Install View Connection Server with a New Configuration, on page 40.
For example, to perform a standard installation, define VDM_SERVER_INSTANCE_TYPE=1 FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 1
42
VMware, Inc.
Verify that at least one View Connection Server instance is installed and configured on the network. Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you plan to install the replicated instance. If the existing View Connection Server instance is in a different domain than the replicated instance, the domain user must also have local administrator privileges on the Windows Server computer where the existing instance is installed. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Verify that the computers on which you install replicated View Connection Server instances are connected over a high-performance LAN. See Network Requirements for Replicated View Connection Server Instances, on page 9.
VMware, Inc.
43
Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See Firewall Rules for View Connection Server, on page 43.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 5 6 7 8 To start the View Connection Server installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder. Select the View Replica Server installation option. Enter the host name or IP address of the existing View Connection Server instance you are replicating. Accept the Microsoft Software Supplemental License Agreement for Microsoft Active Directory Application Mode (ADAM). If you install View Connection Server on Windows Server 2008, choose how to configure the Windows Firewall service.
Option Configure Windows Firewall automatically Do not configure Windows Firewall Action Let the installer configure Windows Firewall to allow the required network connections. Configure the Windows firewall rules manually.
If you install View Connection Server on Windows Server 2003, you must configure the required Windows firewall rules manually. 9 Complete the installation wizard to finish installing the replicated instance.
The VMware View services are installed on the Windows Server computer:
n n n n n n n n
VMware View Connection Server VMware View Framework Component VMware View Message Bus Component VMware View Script Host VMware View Security Gateway Component VMware View PCoIP Secure Gateway VMware View Web Component VMware VDMDS, which provides View LDAP directory services
For information about these services, see the VMware View Administration document. What to do next You do not have to perform initial configuration on a replicated instance of View Connection Server. The replicated instance inherits its configuration from the existing View Connection Server instance. If you are reinstalling View Connection Server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
44
VMware, Inc.
Verify that at least one View Connection Server instance is installed and configured on the network. Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you plan to install the replicated instance. If the existing View Connection Server instance is in a different domain than the replicated instance, the domain user must also have local administrator privileges on the Windows Server computer where the existing instance is installed. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Verify that the computers on which you install replicated View Connection Server instances are connected over a high-performance LAN. See Network Requirements for Replicated View Connection Server Instances, on page 9. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with a replica installation of View Connection Server. See Silent Installation Properties for a Replicated Instance of View Connection Server, on page 46.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=2
ADAM_PRIMARY_NAME=cs1.companydomain.com"
The VMware View services are installed on the Windows Server computer. For details, see Install a Replicated Instance of View Connection Server, on page 43.
VMware, Inc.
45
1. Standard installation 2. Replica installation 3. Security server installation 4. View Transfer Server installation
To install a replicated instance, define VDM_SERVER_INSTANCE_TYPE=2 This MSI property is optional for a standard installation. It is required for all other types of installation. ADAM_PRIMARY_NAME The host name or IP address of the existing View Connection Server instance you are replicating. For example: ADAM_PRIMARY_NAME=cs1.companydomain.com This MSI property is required. ADAM_PRIMARY_PORT The View LDAP port of the existing View Connection Server instance you are replicating. For example: ADAM_PRIMARY_PORT=cs1.companydomain.com This MSI property is optional. FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 This MSI property is optional. 1 None None
46
VMware, Inc.
Type the password in the Pairing password and Confirm password text boxes and specify a password timeout value. You must use the password within the specified timeout period.
What to do next Install a security server. See Install a Security Server, on page 47. IMPORTANT If you do not provide the security server pairing password to the View Connection Server installation program within the password timeout period, the password becomes invalid and you must configure a new password.
Determine the type of topology to use. For example, determine which load balancing solution to use. Decide if the View Connection Server instances that are paired with security servers will be dedicated to users of the external network. For information, see the VMware View Architecture Planning document. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running View Connection Server 4.6 or later. You cannot pair a View 4.6 or later security server with an older version of View Connection Server. Verify that the View Connection Server instance to be paired with the security server is accessible to the computer on which you plan to install the security server. Configure a security server pairing password. See Configure a Security Server Pairing Password, on page 46. Familiarize yourself with the format of external URLs. See Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections, on page 61. Familiarize yourself with the network ports that must be opened on the Windows Firewall for a security server. See Firewall Rules for View Connection Server, on page 43.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 5 To start the View Connection Server installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder. Select the View Security Server installation option.
VMware, Inc.
47
Type the fully qualified domain name or IP address of the View Connection Server instance to pair with the security server in the Server text box. The security server forwards network traffic to this View Connection Server instance.
Type the security server pairing password in the Password text box. If the password has expired, you can use View Administrator to configure a new password and type the new password in the installation program.
In the External URL text box, type the external URL of the security server for View Clients that use the RDP or PCoIP display protocols. The URL must contain the protocol, client-resolvable security server name or IP address, and port number. Tunnel clients that run outside of your network use this URL to connect to the security server. For example: https://view.example.com:443
In the PCoIP External URL text box, type the external URL of the security server for View Clients that use the PCoIP display protocol. Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name. For example: 100.200.300.400:4172 The URL must contain the IP address and port number that a client system can use to reach the security server. You can type into the text box only if a PCoIP Secure Gateway is installed on the security server.
10
If you install the security server on Windows Server 2008, choose how to configure the Windows Firewall service.
Option Configure Windows Firewall automatically Do not configure Windows Firewall Action Let the installer configure Windows Firewall to allow the required network connections. Configure the Windows firewall rules manually.
If you install the security server on Windows Server 2003, you must configure the required Windows firewall rules manually. 11 Complete the installation wizard to finish installing the security server.
The security server services are installed on the Windows Server computer:
n n n n
VMware View Security Server VMware View Framework Component VMware View Security Gateway Component VMware View PCoIP Secure Gateway
For information about these services, see VMware View Administration. The security server appears in the Security Servers pane in View Administrator. What to do next If you are reinstalling the security server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
48
VMware, Inc.
Determine the type of topology to use. For example, determine which load balancing solution to use. Decide if the View Connection Server instances that are paired with security servers will be dedicated to users of the external network. For information, see the VMware View Architecture Planning document. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running View Connection Server 4.6 or later. You cannot pair a View 4.6 or later security server with an older version of View Connection Server. Verify that the View Connection Server instance to be paired with the security server is accessible to the computer on which you plan to install the security server. Configure a security server pairing password. See Configure a Security Server Pairing Password, on page 46. Familiarize yourself with the format of external URLs. See Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections, on page 61. Familiarize yourself with the network ports that must be opened on the Windows Firewall for a security server. See Firewall Rules for View Connection Server, on page 43. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with a security server. See Silent Installation Properties for a Security Server, on page 50.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.5.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=3
VDM_SERVER_NAME=cs1.internaldomain.com VDM_SERVER_SS_EXTURL=https://view.companydomain.com: 443 VDM_SERVER_SS_PCOIP_IPADDR=10.20.30.40 VDM_SERVER_SS_PCOIP_TCPPORT=4172 VDM_SERVER_SS_PCOIP_UDPPORT=4172 VDM_SERVER_SS_PWD=secret"
The VMware View services are installed on the Windows Server computer. For details, see Install a Security Server, on page 47.
VMware, Inc.
49
1. Standard installation 2. Replica installation 3. Security server installation 4. View Transfer Server installation
To install a security server, define VDM_SERVER_INSTANCE_TYPE=3 This MSI property is optional for a standard installation. It is required for all other types of installation. VDM_SERVER_NAME The host name or IP address of the existing View Connection Server instance to pair with the security server. For example: VDM_SERVER_NAME=cs1.internaldomain.com This MSI property is required. VDM_SERVER_SS_EXTURL The external URL of the security server. The URL must contain the protocol, externally resolvable security server name, and port number For example: VDM_SERVER_SS_EXTURL=https://view.companydomain.com:443 This MSI property is required. VDM_SERVER_SS_PWD The security server pairing password. For example: VDM_SERVER_SS_PWD=secret This MSI property is required. FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 This MSI property is optional. VDM_SERVER_SS_PCOIP_IP ADDR The PCoIP Secure Gateway external IP address. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_IPADDR=10.20.30.40 The PCoIP Secure Gateway external TCP port number. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_TCPPORT=4172 The PCoIP Secure Gateway external UDP port number. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_UDPPORT=4172 None 1 None None None
VDM_SERVER_SS_PCOIP_T CPPORT
None
VDM_SERVER_SS_PCOIP_U DPPORT
None
50
VMware, Inc.
MSI_command_line_options"
You control the remainder of a silent installation by passing command-line options and MSI property values to the MSI installer, msiexec.exe. The MSI installer includes the View component's installation code. The installer uses the values and options that you enter in the command line to interpret installation choices and setup options that are specific to the View component. Table 5-6 shows the command-line options and MSI property values that are passed to the MSI installer. Table 5-6. MSI Command-Line Options and MSI Properties
MSI Option or Property /qn Description Instructs the MSI installer not to display the installer wizard pages. For example, you might want to install View Agent silently and use only default setup options and features: VMware-viewagent-4.6.x-xxxxxx.exe /s /v"/qn" Alternatively, you can use the /qb option to display the wizard pages in a noninteractive, automated installation. As the installation proceeds, the wizard pages are displayed, but you cannot respond to them. The /qn or /qb option is required to run a silent installation. INSTALLDIR Specifies an alternative installation path for the View component. Use the format INSTALLDIR=path to specify an installation path. You can ignore this MSI property if you want to install the View component in the default path. This MSI property is optional.
VMware, Inc.
51
/l*v log_file
Syntax
msiexec.exe /qb /x
product_code
Options
The /qb option displays the uninstall progress bar. To suppress displaying the uninstall progress bar, replace the /qb option with the /qn option. The /x option uninstalls the View component. The product_code string identifies the View component product files to the MSI uninstaller. You can find the product_code string by searching for ProductCode in the %TEMP%\vmmsi.log file that is created during the installation. For information about MSI command-line options, see Microsoft Windows Installer Command-Line Options, on page 51.
52
VMware, Inc.
Examples
Uninstall a View Connection Server instance.
msiexec.exe /qb /x {D6184123-57B7-26E2-809B-090435A8C16A}
Where to Use the vCenter Server User and Domain User for View Composer
After you create and configure these two user accounts, you specify the user names in View Administrator.
n n n
You specify a vCenter Server user when you add vCenter Server to View Manager. You specify a domain user for View Composer when you configure View Composer for vCenter Server. You specify the domain user for View Composer when you create linked-clone pools.
Configure a vCenter Server User for View Manager, View Composer, and Local Mode
To configure a user account that gives View Manager permission to operate in vCenter Server, you must assign a role with appropriate privileges to that user. To use the View Composer service in vCenter Server, you must give the user account additional privileges. To manage desktops that are used in local mode, you must give the user account privileges that include View Manager, View Composer, and local mode privileges. To support View Composer, you also must make this user a local system administrator on the vCenter Server computer. Prerequisites
n
In Active Directory, create a user in the View Connection Server domain or a trusted domain. See Creating a User Account for vCenter Server, on page 24. Familiarize yourself with the privileges that are required for the user account. See View Manager Privileges Required for the vCenter Server User, on page 55. If you use View Composer, familiarize yourself with the additional required privileges. See View Composer Privileges Required for the vCenter Server User, on page 55. If you manage local desktops, familiarize yourself with the additional required privileges. See Local Mode Privileges Required for the vCenter Server User, on page 56.
VMware, Inc.
53
Procedure 1 In vCenter Server, prepare a role with the required privileges for the user.
n
You can use the predefined Administrator role in vCenter Server. This role can perform all operations in vCenter Server. If you use View Composer, you can create a limited role with the minimum privileges needed by View Manager and View Composer to perform vCenter Server operations. In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Composer Administrator, and select privileges for the role. This role must have all the privileges that both View Manager and View Composer need to operate in vCenter Server.
If you manage local desktops, you can create a limited role with the minimum privileges needed by View Manager, View Composer, and the local mode feature to perform vCenter Server operations. In vSphere Client, click Home > Roles > Add Role, enter a role name such as Local Mode Administrator, and select privileges for the role. This role must have all the privileges that View Manager, View Composer, and the local mode feature need to operate in vCenter Server.
If you use View Manager without View Composer and do not manage local desktops, you can create an even more limited role with the minimum privileges needed by View Manager to perform vCenter Server operations. In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Manager Administrator, and select privileges for the role.
In vSphere Client, right-click the vCenter Server at the top level of the inventory, click Add Permission, and add the vCenter Server user. NOTE You must define the vCenter Server user at the vCenter Server level.
3 4
From the drop-down menu, select the Administrator role, or the View Composer or View Manager role that you created, and assign it to the vCenter Server user. If you use View Composer, on the vCenter Server computer, add the vCenter Server user account as a member of the local system Administrators group. View Composer requires that the vCenter Server user is a system administrator on the vCenter Server computer.
What to do next In View Administrator, when you add vCenter Server to View Manager, specify the vCenter Server user. See Add vCenter Server Instances to View Manager, on page 57.
54
VMware, Inc.
Resource
Virtual machine
Resource Global
Network
VMware, Inc.
55
Use one View Administrator interface to manage the View components that are associated with a single, standalone View Connection Server instance or a group of replicated View Connection Server instances. You can use the IP address of any replicated instance to log in to View Administrator.
You must use a separate View Administrator interface to manage the View components for each single, standalone View Connection Server instance and each group of replicated View Connection Server instances.
You also use View Administrator to manage security servers and View Transfer Server instances associated with View Connection Server.
n n
Each security server is associated with one View Connection Server instance. Each View Transfer Server instance can communicate with any View Connection Server instance in a group of replicated instances.
Verify that View Connection Server is installed on a dedicated computer. Verify that you are using a Web browser supported by View Administrator. See View Administrator Requirements, on page 9.
56
VMware, Inc.
Procedure 1 Open your Web browser and enter the following URL, where server is the host name or IP address of the View Connection Server instance.
https://server/admin
You access View Administrator by using a secure (SSL) connection. When you first connect, your Web browser might display a page warning that the security certificate associated with the address is not issued by a trusted certificate authority. This response is expected behavior because the default certificate supplied with View Connection Server is self-signed. 2 3 Click Ignore to continue using the current SSL certificate. Log in using administrator credentials on the View Connection Server computer. Initially, all users who are members of the local Administrators group (BUILTIN\Administrators) on the View Connection Server computer are allowed to log in to View Administrator. After you log in to View Administrator, you can use View Configuration > Administrators to change the list of View Manager administrators.
VMware, Inc.
57
Prerequisites
n n
Install the View Connection Server product license key. Prepare a vCenter Server user with permission to perform the operations in vCenter Server that are necessary to support View Manager. To use View Composer, you must give the user additional privileges. To manage desktops that are used in local mode, you must give the user privileges in addition to those that are required for View Manager and View Composer. See Configure a vCenter Server User for View Manager, View Composer, and Local Mode, on page 53.
If you plan to have View Connection Server connect to the vCenter Server instance using a secure channel (SSL), install a server SSL certificate on the vCenter Server host.
Procedure 1 2 3 In View Administrator, click View Configuration > Servers. In the vCenter Servers panel, click Add. In the server address text box, type the fully qualified domain name (FQDN) or IP address of the vCenter Server instance. The FQDN includes the host name and domain name. For example, in the FQDN myserverhost.companydomain.com, myserverhost is the host name and companydomain.com is the domain. NOTE If you enter a server by using a DNS name or URL, View Manager does not perform a DNS lookup to verify whether an administrator previously added this server to View Manager by using its IP address. A conflict arises if you add a vCenter Server with both its DNS name and its IP address. 4 5 6 7 8 Type the name of the vCenter Server user. Type the vCenter Server user password. (Optional) Type a description for this vCenter Server instance. To connect to the vCenter Server instance using a secure channel (SSL), make sure that Connect using SSL is selected. SSL connection is the default setting. Type the TCP port number. The default port is 443. 9 (Optional) Click Advanced to configure the maximum concurrent pool operations in vCenter Server. a Set the maximum number of concurrent provisioning operations. This setting determines the largest number of concurrent requests that View Manager can make to provision full virtual machines in this vCenter Server instance. The default value is eight. This setting does not control linked-clone provisioning. b Set the maximum number of concurrent power operations. This setting determines the largest number of power operations (startup, shutdown, suspend, and so on) that can take place simultaneously on virtual machines managed by View Manager in this vCenter Server instance. The default value is five. This setting controls power operations for full virtual machines and linked clones. 10 Choose whether to configure View Composer.
Option You are not using View Composer You are using View Composer Action Click OK. Configure the View Composer settings.
58
VMware, Inc.
What to do next If this View Connection Server instance or group of replicated View Connection Server instances uses multiple vCenter Server instances, repeat this procedure to add the other vCenter Server instances.
Your Active Directory administrator must create a domain user with permission to add and remove virtual machines from the Active Directory domain that contains your linked clones. To manage the linked-clone machine accounts in Active Directory, the domain user must have Create Computer Objects, Delete Computer Objects, and Write All Properties permissions. See Create a User Account for View Composer, on page 25.
You must configure View Manager to connect to vCenter Server. See Add vCenter Server Instances to View Manager, on page 57.
Procedure 1 In View Administrator, open the Edit vCenter Server dialog box. a b c 2 Click View Configuration > Servers. In the vCenter Servers panel, select the vCenter Server entry. Click Edit.
Select Enable View Composer and make sure that the port number is the same as the port that you specified when you installed the View Composer service on vCenter Server. View Manager verifies that the View Composer service is running on vCenter Server.
Click Add to add the domain user for View Composer account information. a Type the domain name of the Active Directory domain. For example: domain.com b Type the domain user name, including the domain name. For example: domain.com\admin c d e Type the account password. Click OK. To add domain user accounts with privileges in other Active Directory domains in which you deploy linked-clone pools, repeat the preceding steps.
What to do next Repeat this procedure for each vCenter Server instance in which View Composer services are installed.
VMware, Inc.
59
60
VMware, Inc.
The secure tunnel is enabled by default. 4 Configure use of the PCoIP Secure Gateway.
Option Enable the PCoIP Secure Gateway Disable the PCoIP secure Gateway Description Select Use PCoIP Secure Gateway for PCoIP connections to desktop Deselect Use PCoIP Secure Gateway for PCoIP connections to desktop
The PCoIP Secure Gateway is disabled by default. 5 Click OK to save your changes.
Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections
To use the secure tunnel, a client system must have access to an IP address, or a fully qualified domain name (FQDN) that it can resolve to an IP address, that allows the client to reach a View Connection Server or security server host. To use the PCoIP Secure Gateway, a client system must have access to an IP address that allows the client to reach a View Connection Server or security server host.
To use addresses like these in View Manager, you must configure the View Connection Server or security server host to return an external URL instead of the host's FQDN.
VMware, Inc.
61
The process of configuring the external URLs is different for View Connection Server instances and security servers.
n
For a View Connection Server instance, you set the external URLs by editing View Connection Server settings in View Administrator. For a security server, you set the external URLs when you run the View Connection Server installation program. You can use View Administrator to modify an external URL for a security server.
62
VMware, Inc.
Type the Secure Tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable security server host name or IP address, and port number. For example: https://view.example.com:443
Type the PCoIP Secure Gateway external URL in the PCoIP External URL text box. Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name. For example: 100.200.300.400:4172 The URL must contain the IP address and port number that a client system can use to reach this security server. You can type into the text box only if a PCoIP Secure Gateway is installed on the security server.
View Administrator sends the updated external URLs to the security server. You do not need to restart the security server service for the changes to take effect.
Ephemeral Ports
View Manager uses ephemeral ports to establish TCP connections between View Connection Server and the View desktops that it administers. To support a large View desktop deployment, you can increase the number of available ephemeral ports. An ephemeral port is a short-lived endpoint that is created by the operating system when a program requests any available user port. The operating system selects the port number from a predefined range, typically between 1024 and 65535, and releases the port after the related TCP connection terminates. By default, the system can create a maximum of approximately 4,000 ephemeral ports that run concurrently on Windows Server 2003 and approximately 16,000 on Windows Server 2008. On 32-bit Windows Server 2003 computers, you should increase the number of available ephemeral ports if a View Connection Server instance is likely to use more than 800 concurrent client connections.
VMware, Inc.
63
Where
clients servers
Projected number of concurrent client connections Number of View Connection Server instances in the replicated group
Example: Calculating the Number of Ephemeral Ports For example, you might plan a deployment managed by three View Connection Server instances. If you anticipate having 3,000 concurrent client connections, you would need 5,010 ephemeral ports, as shown in Table 5-10. Table 5-10. Example of Calculating the Number of Ephemeral Ports
Configuration Parameter Projected number of concurrent client connections Number of View Connection Server instances in the replicated group ( (5 x clients) / servers ) + 10 = number of ephemeral ports on each View Connection Server Sample Values 3,000 3 (5x3,000) / 3 + 10 = 5,010
What to do next Use the Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size, on page 67 to fill in values for your deployment.
64
VMware, Inc.
Procedure 1 On the Windows Server computer, start the Windows Registry Editor. a b 2 Select Start > Command Prompt. At the command prompt, type regedit.
4 5
Exit the Windows Registry Editor. Restart the Windows Server computer.
You use two different formulas to calculate the TCB hash table size on View Connection Server instances and security servers.
VMware, Inc.
65
Calculate the Size of the TCB Hash Table for View Connection Server
To support a large number of View desktops, you can optimize the size of the TCB hash table on each View Connection Server instance. Calculate the size in rows. Procedure
u
Where
clients servers desktops
Projected number of concurrent client connections Number of View Connection Server instances in the replicated group Number of View desktop sources in your deployment
Example: Calculating the Size of the TCB Hash Table on Each View Connection Server For example, you might have 3,000 concurrent client connections, three View Connection Server instances, and 6,000 View desktop sources in your deployment. For each View Connection Server instance, the result is 11,020, as shown in Table 5-12. Table 5-12. Example of Calculating the Size of the TCB Hash Table on Each View Connection Server
Configuration Parameter Projected number of concurrent client desktop connections Number of View Connection Server instances Number of View desktop sources ( (5 x clients) / servers ) + desktops + 20 = number of TCB hash table rows on each server Sample Values 3,000 3 6,000 (5x3,000) / 3 + 6,000 + 20 = 11,020
What to do next Use the Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size, on page 67 to fill in values for your deployment.
Calculate the Size of the TCB Hash Table for Security Servers
To support a large number of View desktops, you can optimize the size of the TCB hash table on each security server. Calculate the size in rows. Procedure
u
Where
clients security servers
Example: Calculating the Size of the TCB Hash Table on Each Security Server For example, you might have 3,000 concurrent client connections and two security servers in your deployment.
66
VMware, Inc.
For each security server, the result is 7,510, as shown in Table 5-13. Table 5-13. Example of Calculating the Size of the TCB Hash Table on Each Security Server
Configuration Parameter Projected number of concurrent client desktop connections Number of security servers ( (5 x clients) / security servers ) + 10 = number of TCB hash table rows on each security server Sample Values 3,000 2 (5x3,000) / 2 + 10 = 7,510
What to do next Use the Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size, on page 67 to fill in values for your deployment.
Increase the Size of the TCB Hash Table on a Windows Server Computer
Edit the Windows registry to increase the size of the TCB hash table on a Windows Server computer on which View Connection Server runs. Active Directory group policies can override registry entries. When possible, use a group policy to set the size of the TCB hash table on View Connection Server. Procedure 1 On the Windows Server computer, start the Windows Registry Editor a b 2 Select Start > Command Prompt. At the command prompt, type regedit.
Click Edit > New and add the following registry entry.
Value Value Value Valid Name: MaxHashTableSize Type: DWORD data: calculated hash table size Range: 64-65536 (decimal)
4 5
Exit the Windows Registry Editor. Restart the Windows Server computer.
Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size
Use these worksheets to calculate the number of ephemeral ports and the size of the TCB hash table on each View Connection Server instance and security server in your deployment. Table 5-14. Configuration Parameters
Configuration Parameters Projected number of concurrent client connections Number of View Connection Server instances Number of security servers Number of View desktop sources Fill in Your Site's Value
VMware, Inc.
67
Table 5-16. TCB Hash Table Size for View Connection Servers
Hash Table Size for View Connection Servers ( (5 x clients) / servers ) + desktops + 20 = Number of hash table rows on each View Connection Server instance Fill in Your Site's Value
68
VMware, Inc.
Click Edit > Modify. A Windows dialog box displays an entry like the following one.
-Xms128m -Xmx512m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.poller=simple.http.GranularPoller -Dsimple.http.connect.configurator=com.vmware.vdi.front.SimpleConfigurator
Edit the -Xmx parameter to have the value -Xmx1024m. The dialog box displays the following entry.
-Xms128m -Xmx1024m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.poller=simple.http.GranularPoller -Dsimple.http.connect.configurator=com.vmware.vdi.front.SimpleConfigurator
5 6
Click OK and exit the Registry Editor. Restart the Windows Server computer.
VMware, Inc.
69
Procedure 1 On the Windows Server computer on which View Connection Server is installed, navigate to the Virtual Memory dialog box. By default, Custom size is selected. An initial and maximum page-file size appear. 2 Click System managed size.
Windows continually recalculates the system page-file size based on current memory use and available memory.
70
VMware, Inc.
View Transfer Server transfers data between local desktops and the datacenter during check in, check out, and replication. To install View Transfer Server, you install the software on a Windows Server virtual machine, add View Transfer Server to your View Manager deployment, and configure the Transfer Server repository. You must install and configure View Transfer Server if you deploy View Client with Local Mode on client computers. You must have a license to install View Transfer Server and use local desktops. 1 Install View Transfer Server on page 71 View Transfer Server downloads system-image files, synchronizes data between local desktops and the corresponding remote desktops in the datacenter, and transfers data when users check in and check out local desktops. You install View Transfer Server in a virtual machine that runs Windows Server. 2 Add View Transfer Server to View Manager on page 73 View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. 3 Configure the Transfer Server Repository on page 74 The Transfer Server repository stores View Composer base images for linked-clone desktops that run in local mode. To give View Transfer Server access to the Transfer Server repository, you must configure it in View Manager. If you do not use View Composer linked clones in local mode, you do not have to configure a Transfer Server repository. 4 5 Firewall Rules for View Transfer Server on page 75 Certain incoming TCP ports must be opened on the firewall for View Transfer Server instances. Installing View Transfer Server Silently on page 75 You can install View Transfer Server silently by typing the installer filename and installation options at the command line. With silent installation, you can efficiently deploy View components in a large enterprise.
VMware, Inc.
71
Prerequisites
n
Verify that you have local administrator privileges on the Windows Server on which you will install View Transfer Server. Verify that your installation satisfies the View Transfer Server requirements described in View Transfer Server Requirements, on page 12. Verify that you have a license to install View Transfer Server and use local desktops. Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See Firewall Rules for View Transfer Server, on page 75.
n n
CAUTION Verify that the virtual machine that hosts View Transfer Server is configured with an LSI Logic Parallel SCSI controller. You cannot install View Transfer Server on a virtual machine with a SAS or VMware paravirtual controller. On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system. Procedure 1 Download the VMware View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 5 6 To start the installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder. Select View Transfer Server. Configure the Apache Web Server to which View Transfer Server is deployed. You can accept the default values for the network domain, Apache Server name, and administrator's email address that are provided by the installer. 7 If you install View Transfer Server on Windows Server 2008, choose how to configure the Windows Firewall service.
Option Configure Windows Firewall automatically Do not configure Windows Firewall Action Let the installer configure Windows Firewall to allow the required network connections. Configure the Windows firewall rules manually.
If you install View Transfer Server on Windows Server 2003, you must configure the required Windows firewall rules manually. 8 Complete the installation program to install View Transfer Server.
The VMware View Transfer Server, View Transfer Server Control Service, and VMware View Framework Component services are installed and started on the virtual machine. What to do next In View Administrator, add View Transfer Server to your View Manager deployment.
72
VMware, Inc.
Verify that View Transfer Server is installed on a Windows Server virtual machine. Verify that vCenter Server is added to View Manager. The View Configuration > Servers page in View Administrator displays vCenter Server instances that are added to View Manager.
Procedure 1 2 3 4 In View Administrator, click View Configuration > Servers. In the Transfer Servers panel, click Add. In the Add Transfer Server wizard, select the vCenter Server instance that manages the View Transfer Server virtual machine and click Next. Select the virtual machine where View Transfer Server is installed and click Finish. View Connection Server reconfigures the virtual machine with four SCSI controllers. The multiple SCSI controllers allow View Transfer Server to perform an increased number of disk transfers concurrently. In View Administrator, the View Transfer Server instance appears in the Transfer Servers panel. If no Transfer Server repository is configured, the View Transfer Server status changes from Pending to Missing Transfer Server Repository. If a Transfer Server repository is configured, the status changes from Pending to Initializing Transfer Server Repository to Ready. This process can take several minutes. You can click the refresh button in View Administrator to check the current status. When the View Transfer Server instance is added to View Manager, the Apache2.2 service is started on the View Transfer Server virtual machine. CAUTION If your View Transfer Server virtual machine is an earlier version than hardware version 7, you must configure the static IP address on the View Transfer Server virtual machine after you add View Transfer Server to View Manager. When multiple SCSI controllers are added to the View Transfer Server virtual machine, Windows removes the static IP address and reconfigures the virtual machine to use DHCP. After the virtual machine restarts, you must re-enter the static IP address in the virtual machine.
VMware, Inc.
73
Verify that View Transfer Server is installed on a Windows Server virtual machine. Verify that View Transfer Server is added to View Manager. See Add View Transfer Server to View Manager, on page 73. NOTE Adding View Transfer Server to View Manager before you configure the Transfer Server repository is a best practice, not a requirement.
Procedure 1 Configure a path and folder for the Transfer Server repository. The Transfer Server repository can be on a local drive or a network share.
Option Local Transfer Server repository Action On the virtual machine where View Transfer Server is installed, create a path and folder for the Transfer Server repository. For example: C:\TransferRepository\ Configure a UNC path for the network share. For example: \\server.domain.com\TransferRepository\ All View Transfer Server instances that you add to this View Manager deployment must have network access to the shared drive.
2 3
In View Administrator, click View Configuration > Servers. Put all View Transfer Server instances into maintenance mode. a b In the Transfer Servers panel, select a View Transfer Server instance. Click Enter Maintenance Mode and click OK. The View Transfer Server status changes to Maintenance mode. c Repeat Step 3a and Step 3b for each instance.
When all View Transfer Server instances are in maintenance mode, current transfer operations are stopped. 4 In the Transfer Servers panel, next to Transfer Server repository, click None Configured.
74
VMware, Inc.
5 6
In the General panel on the Transfer Server repository page, click Edit. Type the Transfer Server repository location and other information.
Option Network Share Description
n n n n
Path. Type the UNC path that you configured. Username. Type the user ID of an administrator with credentials to access the network share. Password. Type the administrator password. Domain. Type the domain name of the network share in NetBIOS format. Do not use the .com suffix.
Type the path that you configured on the local View Transfer Server virtual machine.
Click OK. If the repository network path or local drive is incorrect, the Edit Transfer Server Repository dialog displays an error message and does not let you configure the location. You must type a valid location.
On the View Configuration > Servers page, select the View Transfer Server instance and click Exit Maintenance Mode. The View Transfer Server status changes to Ready.
VMware, Inc.
75
Procedure 1 2 3 4 5 6 7 8 Log in to the Windows Server computer and click Start > Run. Type gpedit.msc and click OK. In the Group Policy Object Editor, click Local Computer Policy > Computer Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK. In the left pane, click User Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK.
Verify that you have local administrator privileges on the Windows Server on which you will install View Transfer Server. Verify that your installation satisfies the View Transfer Server requirements described in View Transfer Server Requirements, on page 12. Verify that you have a license to install View Transfer Server and use local desktops. Verify that the virtual machine on which you install View Transfer Server has version 2.0 or later of the MSI runtime engine. For details, see the Microsoft Web site. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with View Transfer Server. See Silent Installation Properties for View Transfer Server, on page 77. Verify that the Windows Installer group policies that are required for silent installation are configured on the Windows Server computer. See Set Group Policies to Allow Silent Installation of View Transfer Server, on page 75.
n n
CAUTION Verify that the virtual machine that hosts View Transfer Server is configured with an LSI Logic Parallel SCSI controller. You cannot install View Transfer Server on a virtual machine with a SAS or VMware paravirtual controller. On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system.
76
VMware, Inc.
Procedure 1 Download the VMware View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=4" The VMware View Transfer Server, View Transfer Server Control Service, and VMware View Framework Component services are installed and started on the virtual machine. What to do next In View Administrator, add View Transfer Server to your View Manager deployment.
To install a View Transfer Server, define VDM_SERVER_INSTANCE_TYPE=4 This MSI property is optional for a standard installation. It is required for all other types of installation. SERVERDOMAIN The network domain of the virtual machine on which you install View Transfer Server. This value corresponds to the Apache Web Server network domain that is configured during an interactive installation. For example: SERVERDOMAIN=companydomain.com If you specify a custom Apache Web Server domain with the MSI property, SERVERDOMAIN, you also must specify custom SERVERNAME and SERVERADMIN properties. This MSI property is optional. None
VMware, Inc.
77
Table 6-2. MSI Properties for Silently Installing View Transfer Server (Continued)
MSI Property SERVERNAME Description The host name of the virtual machine on which you install View Transfer Server. This value corresponds to the Apache Web Server host name that is configured during an interactive installation. For example: SERVERNAME=ts1.companydomain.com If you specify a custom Apache Web Server host name with the MSI property, SERVERNAME, you also must specify custom SERVERDOMAIN and SERVERADMIN properties. This MSI property is optional. SERVERADMIN The email address of the administrator of Apache Web Server that is configured with View Transfer Server. For example: SERVERADMIN=admin@companydomain.com If you specify a custom Apache Web Server administrator with the MSI property, SERVERADMIN, you also must specify custom SERVERDOMAIN and SERVERNAME properties. This MSI property is optional. FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 This MSI property is optional. 1 None Default Value None
78
VMware, Inc.
You can configure certificate authentication for View Connection Server instances, security servers, and View Transfer Server instances. This chapter includes the following topics:
n n n n n n
Replacing the Default Certificate, on page 79 Add keytool and openssl to the System Path, on page 80 Use an Existing PKCS#12 Certificate and Private Key, on page 80 Convert a PKCS#12 Keystore to JKS Format, on page 82 Creating a New SSL Certificate, on page 82 Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85 Configure a View Transfer Server Instance to Use a New Certificate, on page 86 Configure SSL for Client Connections, on page 87 Configure SSL for View Transfer Server Communications, on page 88 Using Group Policy to Configure Certificate Checking in View Client, on page 88
n n n n
If you enable SSL for client connections, client-facing View Connection Server instances and security servers require a server SSL certificate. If you enable SSL for local mode operations and desktop provisioning, View Transfer Server instances require a server SSL certificate. If you configure smart card authentication in VMware View, client-facing View Connection Server instances and security servers require a root CA certificate in addition to a server SSL certificate.
VMware, Inc.
79
When you replace the default certificate with your own certificate, clients use your certificate to authenticate the server. If your certificate is signed by a CA, the certificate for the CA itself is typically embedded in the browser or is located in a trusted database that the client can access. After a client accepts the certificate, it responds by sending a secret key, which is encrypted with the public key contained in the certificate. The secret key is used to encrypt traffic between the client and the server. You use the keytool and openssl utilities to create and manage certificates for View.
Procedure 1 On your View Connection Server or security server host, right-click My Computer and select Properties. a b c On the Advanced tab, click Environment Variables. In the System variables group, select Path and click Edit. Type the path to the JRE directory in the Variable Value text box. Use a semicolon (;) to separate each entry from other entries in the text box. For example: install_directory\VMware\VMware View\Server\jre\bin 2 On your View Transfer Server host, right-click My Computer and select Properties. a b c On the Advanced tab, click Environment Variables. In the System variables group, select Path and click Edit. Type the paths to the JRE and Apache directories in the Variable Value text box. Use a semicolon (;) to separate each entry from other entries in the text box. For example: install_directory\VMware\VMware
View\Server\httpd\bin;install_directory\VMware\VMware View\Server\jre\bin
80
VMware, Inc.
Procedure 1 On the IIS application server host, click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager. The Internet Information Services (IIS) Manager appears. 2 3 4 5 6 7 8 To view the list of sites hosted by the server, expand the local computer entry and click Web Sites. Right-click the Web site entry that contains the certificate you want to export and select Properties. On the Directory Security tab, click Server Certificate. When the Web Server Certificate wizard appears, click Next. Select Export the current certificate to a .pfx file and click Next. Specify a filename for the certificate file and click Next. Type and confirm a password to be used to encrypt the information you want to export and click Next. The system displays summary information about the certificate you are about export. 9 10 Verify the summary information and click Next > Finish. If you want to use the certificate with a View Transfer Server instance, use openssl to export the private key and server certificate in the required PEM format. a Open a command prompt and use openssl to export the private key from your .p12 or .pfx certificate file. For example: openssl pkcs12 -in server.pfx -nocerts -out key.pem b Remove the pass phrase from the private key and save it to the file server.key. This step prevents Apache from prompting you for your pass phrase each time it is restarted. For example: openssl rsa -in key.pem -out server.key c Export the server certificate from your certificate file and save it to the file server.crt. For example: openssl pkcs12 -in server.pfx -clcerts -nokeys -out server.crt What to do next Configure your View Connection Server instance, security server, or View Transfer Server instance to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85 or Configure a View Transfer Server Instance to Use a New Certificate, on page 86.
VMware, Inc.
81
Add the server certificate and private key from the PKCS#12 file to the JKS keystore. For example:
keytool -importkeystore -destkeystore keys.jks -deststorepass secret -srckeystore keys.p12 srcstoretype PKCS12 -srcstorepass clydenw
The keytool utility creates the JKS keystore if it does not already exist. What to do next Configure your View Connection Server instance or security server to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85.
82
VMware, Inc.
Import an Intermediate Certificate into a Keystore File on page 84 If your server certificate is signed by an intermediate CA rather than by a root CA, you must add the intermediate certificate to the keystore before you add the server certificate.
Import a Signed Server Certificate into a Keystore File on page 85 If you obtained a signed server certificate from a CA, use keytool to import the certificate into your keystore file.
Obtain a Signed Certificate from a CA for Use with a View Connection Server Instance or Security Server
To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted root from GlobalSign, Thawte, or VeriSign. Prerequisites Determine the fully qualified domain name (FQDN) that client computers use to connect to the host. Procedure 1 Open a command prompt and use keytool to create a keystore file and a CSR. For example:
keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.jks -storepass secret
If you are going to import an intermediate certificate into the keystore file, you must specify a Java keystore file. 2 When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN) that client computers use to connect to the host.
Option View Connection Server instance Action Type the FQDN of the View Connection Server host if you have one View Connection Server instance. Type the FQDN of the load balancer host if you use load balancing. Type the FQDN of the security server host.
Security server
Send the CSR to the CA in accordance with the CA's enrollment process and request a certificate.
After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. What to do next If you need a certificate for a View Transfer Server instance, see Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance, on page 84. If your server certificate is signed by an intermediate CA, import the intermediate certificate into your keystore file. See Import an Intermediate Certificate into a Keystore File, on page 84. If you downloaded a server certificate, import it into your keystore file. See Import a Signed Server Certificate into a Keystore File, on page 85.
VMware, Inc.
83
Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance
To obtain a signed certificate from a CA, you must use openssl to generate a private key file and a certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted root from GlobalSign, Thawte, or VeriSign. Prerequisites Determine the fully qualified domain name (FQDN) that client computers use to connect to the host. Procedure 1 Open a command prompt and use openssl to create a private key file and a CSR. For example: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr 2 When openssl prompts you for a common name, type the fully qualified domain name (FQDN) that client computers use to connect to the View Transfer Server host. IMPORTANT If you type your name, the certificate will be invalid.
openssl creates the private key file and the CSR file in the current directory.
Send the CSR to the CA in accordance with the CA's enrollment process and request a certificate in PEM format. Some CAs provide certificates in a format other than PEM. If you download this type of certificate, you must convert it to PEM format.
After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. What to do next Configure the View Transfer Server instance to use the server SSL certificate. See Configure a View Transfer Server Instance to Use a New Certificate, on page 86.
What to do next If you downloaded a server certificate, import it into your keystore file. See Import a Signed Server Certificate into a Keystore File, on page 85.
84
VMware, Inc.
Open a command prompt and use keytool to import the server certificate into the keystore file. For example:
keytool -importcert -keystore keys.jks -storepass secret -keyalg "RSA" -trustcacerts -file certificate.p7
If you specified a temporary certificate, type yes when you receive the message ... is not trusted.
Install reply anyway?. keytool generates this message because temporary certificates are not meant for production use.
What to do next Configure your View Connection Server instance or security server to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85.
Configure a View Connection Server Instance or Security Server to Use a New Certificate
To configure a View Connection Server instance or security server to use a new server SSL certificate, you must set properties in the locked.properties file on the View Connection Server or security server host. Prerequisites Obtain an existing PKCS#12 file, export an existing Microsoft IIS SSL server certificate, or create a new SSL server certificate.
VMware, Inc.
85
Procedure 1 Copy the keystore file that contains your certificate to the SSL gateway configuration directory on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\keys.jks 2 Add the keyfile, keypass, and storetype properties to the locked.properties file in the SSL gateway configuration directory on the View Connection Server or security server host. If the locked.properties file does not already exist, you must create it. a Set the keyfile property to the name of your keystore file. If you exported an existing Microsoft IIS SSL server certificate, set keyfile to the name of your PFX file. For example:
keyfile=keys.jks
Set the keypass property to the password for your keystore file. If you exported an existing Microsoft IIS SSL server certificate, set keypass to the password that you used when you exported the certificate. For example:
keypass=MY_PASS
Set the storetype property to match the type of the keystore file.
Description Set the value of storetype to pkcs12. Set the value of storetype to jks.
For example:
storetype=jks
You must specify the storetype property for a Java keystore file. 3 Restart the View Connection Server service or Security Server service to make your changes take effect.
What to do next Install the root certificate (if not already present) and the intermediate certificate as described in Using Group Policy to Configure Certificate Checking in View Client, on page 88.
Add openssl to the system Path variable on your host. See Add keytool and openssl to the System Path, on page 80. Obtain an existing PKCS#12 file, export an existing Microsoft IIS SSL server certificate, or create a new SSL certificate.
86
VMware, Inc.
n n
If you use an intermediate CA, obtain an intermediate certificate in PEM format. If a certificate is not in PEM format, convert it to PEM format.
Procedure 1 2 3 Stop the View Transfer Server service. Copy the server certificate, intermediate certificate (if any), and private key files to the directory install_directory\VMware\VMware View\Server\httpd\conf on the View Transfer Server host. Edit the entries for SSLCertificateFile and SSLCertificateKeyFile in the Apache configuration file httpd.conf to specify the names of the server certificate and private key files. For example:
SSLCertificateFile server.crt SSLCertificateKeyFile server.key
If you copied an intermediate certificate file to the View Transfer Server host, add an entry for the SSLCertificateChainFile directive to httpd.conf. For example:
SSLCertificateChainFile intermediateCA.crt
5 6
Restart the View Transfer Server service to make your changes take effect. Verify that the certificate is configured correctly by using your Web browser to navigate to https://transfer_server_host_address.
VMware, Inc.
87
Restart the View Connection Server service to make your changes take effect. In a replicated group, you must restart the service on each View Connection Server instance and on each paired security server.
Reconfigure any firewalls and load balancers to permit client connections using the new SSL configuration. See the VMware View Architecture Planning document for more information.
Your changes take effect immediately. You do not need to restart the View Transfer Server service.
See the VMware View Administration document for information on using View Manager group policy settings.
88
VMware, Inc.
You create an event database to record information about View Manager events. If you do not configure an event database, you must look in the log file to get information about events, and the log file contains very limited information. This chapter includes the following topics:
n n n
Add a Database and Database User for View Events, on page 89 Prepare an SQL Server Database for Event Reporting, on page 90 Configure the Event Database, on page 90
Verify that you have a supported Microsoft SQL Server or Oracle database server on a system that a View Connection Server instance has access to. For a list of supported database versions, see Database Requirements for View Composer, on page 10. Verify that you have the required database privileges to create a database and user on the database server. If you are not familiar with the procedure to create databases on Microsoft SQL Server database servers, review the steps in Add a View Composer Database to SQL Server, on page 30. If you are not familiar with the procedure to create databases on Oracle database servers, review the steps in Add a View Composer Database to Oracle 11g or 10g, on page 32.
n n
VMware, Inc.
89
Procedure 1 2 Add a new database to the server and give it a descriptive name such as ViewEvents. Add a user for this database that has permission to create tables, views, and, in the case of Oracle, triggers and sequences, as well as permission to read from and write to these objects. For a Microsoft SQL Server database, do not use the Integrated Windows Authentication security model method of authentication. Be sure to use the SQL Server Authentication method of authentication. The database is created, but the schema is not installed until you configure the database in View Administrator. What to do next Follow the instructions in Configure the Event Database, on page 90.
Create an SQL Server database for event reporting. See Add a Database and Database User for View Events, on page 89. Verify that you have the required database privileges to configure the database. Verify that the database server uses the SQL Server Authentication method of authentication. Do not use Windows Authentication.
n n
Procedure 1 2 3 4 5 Open SQL Server Configuration Manager and expand SQL ServerYYYYNetwork Configuration. Select Protocols forserver_name. In the list of protocols, right-click TCP/IP and select Properties. Set the Enabled property to Yes. Verify that a port is assigned or, if necessary, assign one. For information on the static and dynamic ports and how to assign them, see the online help for the SQL Server Configuration manager. 6 Verify that this port is not blocked by a firewall.
What to do next Use View Administrator to connect the database to View Connection Server. Follow the instructions in Configure the Event Database, on page 90.
90
VMware, Inc.
The DNS name or IP address of the database server. The type of database server: Microsoft SQL Server or Oracle. The port number that is used to access the database server. The default is 1521 for Oracle and 1433 for SQL Server. For SQL Server, if the database server is a named instance or if you use SQL Server Express, you might need to determine the port number. See the Microsoft KB article about connecting to a named instance of SQL Server, at http://support.microsoft.com/kb/265808. The name of the event database that you created on the database server. See Add a Database and Database User for View Events, on page 89. The username and password of the user you created for this database. See Add a Database and Database User for View Events, on page 89. Use SQL Server Authentication for this user. Do not use the Integrated Windows Authentication security model method of authentication.
A prefix for the tables in the event database, for example, VE_. The prefix enables the database to be shared among View installations. NOTE You must enter characters that are valid for the database software you are using. The syntax of the prefix is not checked when you complete the dialog box. If you enter characters that are not valid for the database software you are using, an error occurs when View Connection Server attempts to connect to the database server. The log file indicates all errors, including this error and any others returned from the database server if the database name is invalid.
Procedure 1 2 3 In View Administrator, select View Configuration > Event Configuration. In the Event Database section, click Edit, enter the information in the fields provided, and click OK. (Optional) In the Event Settings window, click Edit, change the length of time to show events and the number of days to classify events as new, and click OK. These settings pertain to the length of time the events are listed in the View Administrator interface. After this time, the events are only available in the historical database tables. The Database Configuration window displays the current configuration of the event database. 4 Select Monitoring > Events to verify that the connection to the event database is successful. If the connection is unsuccessful, and error message appears. If you are using SQL Express or if you are using a named instance of SQL Server, you might need to determine the correct port number, as mentioned in the prerequisites. In the Dashboard, the System Component Status displays the event database server under the Reporting Database heading.
VMware, Inc.
91
92
VMware, Inc.
You can obtain the View Client installer either from the VMware Web site or from View Portal, a Web access page provided by View Connection Server. You can set various startup options for end users after View Client is installed. This chapter includes the following topics:
n n n n n n n n
Install the Windows-Based View Client or View Client with Local Mode, on page 93 Start the Windows-Based View Client or View Client with Local Mode, on page 94 Install View Client by Using View Portal, on page 96 Install View Client on Mac OS X, on page 97 Start View Client on Mac OS X, on page 98 Set Printing Preferences for the Virtual Printer Feature on Windows Clients, on page 100 Using USB Printers, on page 101 Installing View Client Silently, on page 101
Install the Windows-Based View Client or View Client with Local Mode
End users open View Client to connect to their virtual desktops from a physical machine. You can run a Windows-based installer file to install all components of View Client. In addition to accessing virtual desktops with View Client, end users can use View Client to configure some display options if the View administrator enables these options. For example, end users can optionally choose a display protocol or window size or use their current login credentials for View authentication. View Client with Local Mode lets end users download a copy of their virtual desktop to their local computer. End users can then use the virtual desktop even when they do not have a network connection. Latency is minimized and performance is enhanced. View Client with Local Mode is the fully supported feature that in earlier releases was an experimental feature called View Client with Offline Desktop. Prerequisites
n n
Verify that you can log in as an administrator on the client system. Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. Verify that View Agent is not installed. If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode.
n n
VMware, Inc.
93
If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents. If you plan to install the USB Redirection component, verify that the Windows Automatic Update feature is not turned off on the client computer. Determine whether to use the single-sign-on feature. This feature lets end users log in to View Client and their virtual desktop as the currently logged in user. Credential information that the user entered when logging in to the client system is passed to the View Connection Server instance and ultimately to the virtual desktop. Some client operating systems do not support this feature. If you do not want to require end users to supply the IP address or fully qualified domain name (FQDN) of the View Connection Server instance that hosts their virtual machine, determine the IP address or FQDN so that you can supply it during installation.
Procedure 1 2 Log in to the client system as a user with administrator privileges. On the client system, download the View Client installer file from the VMware product page at http://www.vmware.com/products/. Select the appropriate installer file, where xxxxxx is the build number.
Option View Client on 64-bit operating systems View Client on 32-bit operating systems Action Select VMware-viewclient-x86_64-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-x86_64-4.6.x-xxxxxx.exe for View Client with Local mode. Select VMware-viewclient-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-4.6.x-xxxxxx.exe for View Client with Local Mode.
3 4
To start the View Client installation program, double-click the installer file. Follow the prompts to install the components you want.
The VMware View Client service is installed on the Windows client computer. The service name for View Client is wsnm.exe. The service name for the USB component is wsnm_usbctrl.exe. What to do next Start the View Client and verify that you can log in to the correct virtual desktop. See Start the WindowsBased View Client or View Client with Local Mode, on page 94 or Install View Client by Using View Portal, on page 96.
Start the Windows-Based View Client or View Client with Local Mode
Before you have end users access their virtual desktops, test that you can log in to a virtual desktop from a client device. You can start View Client from the Start menu or a desktop shortcut on the client system. In environments where a network connection is available, the user session is authenticated by View Connection Server.
94
VMware, Inc.
Prerequisites
n n
Verify that View Client or View Client with Local Mode is installed on the client device. If you plan to use View Client with Local Mode, verify that your license includes View Client with Local Mode and verify that the View desktop meets the requirements for local mode. See the overview topic for setting up a local desktop deployment in the VMware View Administration document. Verify that a virtual desktop pool has been created and that the user account you plan to use is entitled to access this desktop. See the topics about creating desktop pools in the VMware View Administration document. Verify that you have the fully qualified domain name (FQDN) or IP address of the View Connection Server instance that provides access to the virtual desktop.
Procedure 1 2 3 If View Client does not start automatically after installation, double-click the desktop shortcut or click Start > Programs > VMware > VMware View Client. In the Connection Server drop-down menu, enter the host name or IP address of View Connection Server. Verify that the other optional settings in the dialog box appear as you configured them.
Option Log in as current user Description This check box is displayed or hidden according to the global setting in View Administrator. Do not select this check box if you plan to check out the View desktop for use in local mode. If this check box is selected, you must also select the global setting called Use SSL for client connections in View Administrator. If you use a secure connection, the default port is 443. If you select this check box, the next time you start View Client, the Connection Server field is disabled and you are connected to the server specified when you selected the Autoconnect check box. To deselect this check box, cancel the next dialog box that appears and click Options to display and change this setting.
4 5
Click Connect. Enter the credentials of a user who is entitled to use at least one desktop pool, select the domain, and click Login. If you type the user name using the format user@domain, the name is treated as a user principal name (UPN) because of the @ sign, and the domain drop-down menu is disabled. For information about creating desktop pools and entitling users to pools, see VMware View Administration document.
6 7
(Optional) In the Display drop-down menu, select the window size for displaying the View desktop. (Optional) To select a display protocol, click the down-arrow next to a desktop in the list, click Display Protocol, and select the protocol. This choice is available only if your View administrator has enabled it.
Select a desktop from the list of desktop pools and click Connect. View Client attempts to connect to a desktop in the specified pool.
VMware, Inc.
95
If authentication to View Connection Server fails or if View Client cannot connect to a desktop, perform the following tasks:
n
Verify that the View Client setting for using secure (SSL) connections matches the global setting in View Administrator. For example, if the check box for secure connections is deselected on the client, the check box must also be deselected in View Administrator. Verify that the security certificate for View Connection Server is working properly. If it is not, in View Administrator, you might also see that the View Agent on desktops is unreachable and the Transfer Server status shows that it is not ready. These are symptoms of additional connection problems caused by certificate problems. Verify that the tags set on the View Connection Server instance allow connections from this user. See the VMware View Administration document. Verify that the user is entitled to access this desktop. See the VMware View Administration document. Verify that the client computer allows remote desktop connections.
n n
What to do next
n
Configure startup options. If you do not want to require end users to provide the host name or IP address of View Connection Server, or if you want to configure other startup options, use the View Client command-line options to create a desktop shortcut. See the VMware View Administration document.
Check out a desktop that can be used in local mode. End users can determine if a desktop is eligible for checkout by clicking the down-arrow next to the desktop in the list provided by View Client with Local Mode. If the desktop can be used in local mode, the Check out option appears in the context menu. Only the user who checks out the desktop can access it, even if a group is entitled to access the desktop.
Verify that you have the URL for the View Connection Server instance. Verify that you can log in as an administrator on the client system. Verify that a virtual desktop has been created and that the user account you plan to use is entitled to access this desktop. Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. Verify that View Agent is not installed. If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode.
n n
96
VMware, Inc.
If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents. If you plan to install the USB Redirection component, verify that the Windows Automatic Update feature is not turned off on the client computer.
Procedure 1 2 Log in to the client system as a user with administrator privileges. Open a browser and enter the URL of the View Connection Server instance that provides access to the virtual desktop. Internet Explorer can determine whether an upgrade is available, whereas Firefox and Safari cannot. Also, in the list of installers, Internet Explorer lists 32-bit installers if the client has a 32-bit system and lists 64bit installers if the client has a 64-bit system, whereas Firefox lists both 32-bit and 64-bit installers. 3 Follow the prompts on the Web page. If the version available from View Connection Server is newer than that installed on the client device, you can choose to upgrade. If the version is the same as that on the client device, View Portal starts the View Client installed on the client computer. If you have an older version of View Client and a smart card is required for client connections, an Internet Explorer browser prompts you to insert your smart card before View Portal checks the version of your existing View Client. 4 If Internet Explorer prompts you to insert a smart card, either insert the card or click Cancel. Inserting a smart card and Cancel have the same effect. What to do next Connect to the View desktop. See Start the Windows-Based View Client or View Client with Local Mode, on page 94 or Start View Client on Mac OS X, on page 98.
Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. Verify that the Mac client system has Remote Desktop Connection version 2.0 or higher installed. The View Client disk image file includes a link to the Microsoft Remote Desktop Connection Client for Mac download page.
Procedure 1 2 Log in to the client system. On the client system, download the View Client disk image file from the VMware product page at http://www.vmware.com/products/. Select the VMware-View-Client-4.6.x-xxxxxx.dmg disk image file, where xxxxxx is the build number.
VMware, Inc.
97
Double-click the .dmg file to open it and click Agree. The contents of the disk image appear in a VMware View Client Finder window.
4 5
Open a new Finder window and navigate to the Applications folder. Drag the VMware View Client icon to the Applications folder. If you are not logged in as an administrator user, you are prompted for an administrator user name and password. You can now unmount the disk image.
What to do next Start View Client and verify that you can log in to the correct virtual desktop. See Start View Client on Mac OS X, on page 98.
Verify that View Client is installed on the client system. Verify that a virtual desktop pool has been created and that the user account you plan to use is entitled to access this desktop. See the topics about creating desktop pools in the VMware View Administration document. Verify that you have the fully qualified domain name (FQDN) or IP address of the View Connection Server instance that provides access to the virtual desktop. Verify that the AllowDirectRDP View Agent group policy setting is enabled. This setting is enabled by default.
Procedure 1 2 In the folder where you installed View Client (typically the Applications folder), double-click VMware View Client. Select your View Connection Server from the Address drop-down menu, or enter the server host name or IP address.
98
VMware, Inc.
(Optional) Choose options for how you connect to the selected server.
Option Port Use Secure Connection (SSL) Description Specify the port number, or leave blank to use the default port for View Connection Server. Select to use a secure (SSL) connection to protect sensitive corporate information and ensure that all connections are completely encrypted. Your View administrator might have configured View Connection Server to always use a secure connection, even if you select a nonsecure connection. Select to connect directly to the current instance of View Connection Server when you start View Client. Select this option if you always connect to the same View Connection Server. If deselected, you must enter or select a View Connection Server when you start View Client.
You can also supply the port and SSL options by typing them into the address field directly. For a nonSSL connection, type http://URL[:port number]. For an SSL connection, type https://URL[:port number]. 4 Click Continue. You are connected to View Connection Server and can now log in. 5 Enter your user name and password in the login dialog box. If you type the user name as user@domain, it is treated as a user principal name (UPN) because of the atsign (@), so the domain drop-down menu dims. Otherwise, you must also select a domain. 6 7 (Optional) Select Remember this password in my keychain to securely store your login credentials. Click Continue. If login is successful, the list of desktops that you are authorized to use appears. 8 9 Select a desktop from the list. (Optional) Select an option from the Display drop-down menu.
Option Full Screen Description Display the desktop over the complete monitor screen. If you select Full Screen and have multiple monitors, drag the desktop selection window to the monitor in which you want the desktop to appear. Display the desktop in a large window. Display the desktop in a small window. Use the slider in the displayed dialog box to set the window size and click Select. The size you select is added to the Display drop-down menu.
Display settings are retained the next time you open the desktop. 10 Click Continue, or click the Action menu (with the Gear icon) and select Connect.
After you are connected, the client window appears. If View Client cannot connect to the desktop, perform the following tasks:
n
Verify that the View Client setting for using secure (SSL) connections matches the global setting in View Administrator. For example, if the check box for secure connections is deselected on the client, the check box must also be deselected in View Administrator. Verify that the security certificate for View Connection Server is working properly. If it is not, in View Administrator, you might also see that the View Agent on desktops is unreachable. Verify that the tags set on the View Connection Server instance allow connections from this user. See the VMware View Administration document.
VMware, Inc.
99
n n
Verify that the user is entitled to access this desktop. See the VMware View Administration document. Verify that the client computer allows remote desktop connections.
What to do next For instructions on using View Client, see the VMware View Client Help.
Set Printing Preferences for the Virtual Printer Feature on Windows Clients
The virtual printing feature lets end users use local or network printers from a View desktop without requiring that additional print drivers be installed in the View desktop. For each printer available through this feature, you can set preferences for data compression, print quality, double-sided printing, color, and so on. After a printer is added on the local Windows computer, View adds that printer to the list of available printers on the View desktop. No further configuration is required. Users who have administrator privileges can still install printer drivers on the View desktop without creating a conflict with the virtual printer component. IMPORTANT This feature is not available for the following types of printers:
n
USB printers that are using the USB redirection feature to connect to a virtual USB port in the View desktop You must disconnect the USB printer from the View desktop in order to use the virtual printing feature with it.
The Windows feature for printing to a file Selecting the Print to file check box in a Print dialog box does not work. Using a printer driver that creates a file does work. For example, you can use a PDF writer to print to a PDF file.
Prerequisites Verify that the Virtual Printing component of View Agent is installed on the View desktop. In the View desktop file system, the drivers are located in C:\Program Files\Common Files\VMware\Drivers\Virtual Printer. Installing View Agent is one of the tasks required for preparing a virtual machine to be used as a View desktop. For more information, see the VMware View Administration document. Procedure 1 2 In the View desktop, click Start > Settings > Printers and Faxes. In the Printers and Faxes window, right-click any of the locally available printers and select Properties. On Windows 7 desktops, you might see only the default printer, even though other printers are available. To see the other printers, right-click the default printer and point to Printer properties. 3 4 5 6 In the Print Properties window, click the ThinPrint Device Setup tab and specify which settings to use. On the General tab, click Printing Preferences and edit the page and color settings. On the Advanced tab, set preferences for double-sided printing and portrait (long edge) or landscape (short edge) printing. To preview each printout on the host, enable Preview on client before printing. From this preview, you can use any printer with all its available properties. 7 On the Adjustment tab, review the settings for automatic print adjustment. VMware recommend that you retain the default settings. 8 Click OK.
100
VMware, Inc.
You can use the USB redirection feature to attach a USB printer to a virtual USB port in the View desktop as long as the required drivers are also installed on the View desktop. If you use this redirection feature the printer is no longer attached to the physical USB port on the client and this is why the USB printer does not appear in the list of local printers that the virtual printing feature displays. This also means that you can print to the USB printer from the View desktop but not from the local client machine.
On Windows clients, you can alternatively use the virtual printing feature to send print jobs to a USB printer. If you use the virtual printing feature you can print to the USB printer from both the View desktop and the local client, and you do not need to install print drivers on the View desktop.
Set Group Policies to Allow Silent Installation of View Client with Local Mode
Before you can install View Client with Local Mode silently, you must configure Microsoft Windows group policies to allow installation with elevated privileges. You do not have to set these group policies to install View Client silently. These policies are required only for View Client with Local Mode. You must set Windows Installer group policies for computers and for users on the client computer. Prerequisites Verify that you have administrator privileges on the Windows client computer on which you will install View Client with Local Mode. Procedure 1 2 3 4 5 6 7 8 Log in to the client computer and click Start > Run. Type gpedit.msc and click OK. In the Group Policy Object Editor, click Local Computer Policy > Computer Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK. In the left pane, click User Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK.
VMware, Inc.
101
Verify that you can log in as an administrator on the client system. Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode. If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. Determine whether to use the single-sign-on feature. This feature lets end users log in to View Client and their virtual desktop as the currently logged in user. Credential information that the user entered when logging in to the client system is passed to the View Connection Server instance and ultimately to the virtual desktop. Some client operating systems do not support this feature. If you do not want to require end users to supply the IP address or fully qualified domain name (FQDN) of the View Connection Server instance that hosts their virtual machine, determine the IP address or FQDN so that you can supply it during installation. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation (MSI) properties available with View Client. See Silent Installation Properties for View Client, on page 103. Determine whether to allow end users to access locally connected USB devices from their virtual desktops. If not, set the MSI property, ADDLOCAL, to the list of features of interest and omit the USB feature. For details, see Silent Installation Properties for View Client, on page 103. If you install View Client with Local Mode, verify that the Windows Installer group policies that are required for silent installation are configured on the client computer. See Set Group Policies to Allow Silent Installation of View Client with Local Mode, on page 101.
102
VMware, Inc.
Procedure 1 On the client system, download the View Client installer file from the VMware product page at http://www.vmware.com/products/. Select the appropriate installer file, where xxxxxx is the build number.
Option View Client on 64-bit operating systems View Client on 32-bit operating systems Action Select VMware-viewclient-x86_64-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-x86_64-4.6.x-xxxxxx.exe for View Client with Local mode. Select VMware-viewclient-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-4.6.x-xxxxxx.exe for View Client with Local Mode.
2 3
Open a command prompt on the Windows client computer. Type the installation command on one line. This example installs View Client with single sign-on and USB redirection features. A default View Connection Server instance is configured for View Client users: VMware-viewclient-4.6.xxxxxxx.exe /s /v"/qn REBOOT=ReallySuppress VDM_SERVER=cs1.companydomain.com ADDLOCAL=Core,TSSO,USB"
This example installs View Client with Local Mode: VMware-viewclientwithlocal-4.6.xxxxxxx.exe /s /v"/qn ADDLOCAL=Core,MVDI"
NOTE The Core feature is mandatory. The VMware View Client service is installed on the Windows client computer. What to do next Start the View Client and verify that you can log in to the correct virtual desktop. See Start the WindowsBased View Client or View Client with Local Mode, on page 94 or Install View Client by Using View Portal, on page 96.
None
VMware, Inc.
103
Table 9-1. MSI Properties for Silently Installing View Client (Continued)
MSI Property DESKTOP_SHORTCUT Description Configures a desktop shortcut icon for View Client. A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. QUICKLAUNCH_SHORTCUT Configures a shortcut icon on the quick-launch tray for View Client. A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. Configures a shortcut for View Client in the Start menu. A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. 1 Default Value 1
STARTMENU_SHORTCUT
In a silent installation command, you can use the MSI property, ADDLOCAL=, to specify features that the View Client installer configures. Each silent-installation feature corresponds to a setup option that you can select during an interactive installation. Table 9-2 shows the View Client features you can type at the command line and the corresponding interactiveinstallation options. Table 9-2. View Client Silent Installation Features and Interactive Custom Setup Options
Silent Installation Feature Core If you specify individual features with the MSI property, ADDLOCAL=, you must include Core. If you specify ADDLOCAL=ALL, all View Client and View Client with Local Mode features, including Core, are installed. MVDI Use this feature when you install View Client with Local Mode and specify individual features with ADDLOCAL=. If you specify ADDLOCAL=ALL, all View Client with Local Mode features, including MVDI, are installed. ThinPrint TSSO USB None. When you install View Client with Local Mode interactively, the MVDI functions are installed by default. When you install View Client interactively, the MVDI functions are not available. Virtual Printing Single Sign-on (SSO) USB Redirection Custom Setup Option in an Interactive Installation None. During an interactive installation, the core View Client functions are installed by default.
104
VMware, Inc.
Index
A
Active Directory configuring domains and trust relationships 23 preparing for smart card authentication 26 preparing for use with View 23 Active Directory groups creating for kiosk mode client accounts 24 creating for View users and administrators 24 ADM template files 26 Adobe Flash requirements 21 antivirus software, View Composer 38
how View Manager uses 63 increasing on a Windows Server computer 64 ESX hosts, View Composer 38 event database creating for View 89, 90 SQL Server configuration 90 external URLs configuring for a View Connection Server instance 62 modifying for a security server 62 purpose and format 61
B
browser requirements 9, 18
F
Firefox, supported versions 9, 18 firewall rules View Connection Server 43 View Transfer Server 75 firewalls, configuring 40
C
certificate signing requests, See CSRs certificates checking in View Client 88 configuring View Connection Server to use 85 configuring View Transfer Server to use 86 creating new 82 importing to a keystore file 85 obtaining signatures 83, 84 replacing the default 79 requirements 79 certutil command 28 client software requirements 15 CPU requirements, local mode desktops 16 CSRs, creating 83, 84
G
glossary, where to find 5 GPOs, linking to a View desktop OU 26 Group Policy Objects, See GPOs GroupPolicyFiles directory 26
H
hardware requirements local mode desktops 16 PCoIP 19 smart card authentication 21 View Connection Server 7 HP RGS 20
D
databases creating for View Composer 29 View events 89, 90 default certificate, replacing 79 direct connections, configuring 60 display requirements, local mode desktops 16 DNS resolution, View Composer 38 documentation feedback, how to provide 5 domain filtering 24
I
intermediate certificates adding to intermediate certification authorities 28 importing to a keystore file 84 Intermediate Certification Authorities policy 28 Internet Explorer, supported versions 9, 18
J
JKS keystores, converting from PKCS#12 82 JVM heap size default 68 increasing 69
E
Enterprise NTAuth store, adding root certificates 28 ephemeral ports calculating 64
VMware, Inc.
105
K
keychain 98 keyfile property 85 keypass property 85 keytool utility adding to the system path 80 creating a CSR 83 kiosk mode, Active Directory preparation 24
L
license key, View Connection Server 57 local desktop configuration adding a View Transfer Server instance 71, 73 creating a vCenter Server user 53 hardware requirements 16 privileges for vCenter Server user 56 locked.properties file 85 Log in as current user feature 94
Oracle 11g, creating a View Composer database with a script 34 Oracle 11g database adding an ODBC data source 35 adding for View Composer 32 configuring a database user 34 Oracle 9i, creating a View Composer database with a script 34 Oracle 9i database adding an ODBC data source 36 adding for View Composer 32, 33 configuring a database user 34 Oracle databases 10 organizational units, See OUs OS X, installing View Client 97 OUs creating for kiosk mode client accounts 24 creating for View desktops 24
P
page-file size, View Connection Server 69 PCoIP, hardware requirements 19 PKCS#12 keystores, converting to JKS format 82 policies Intermediate Certification Authorities 28 Restricted Groups 25 Trusted Root Certification Authorities 27 printers, setting up 100 professional services 5
M
Mac OS X, installing View Client 97 media file formats, supported 21 memory requirements, local mode desktops 16 Microsoft IIS SSL server certificates, using existing 80 Microsoft SQL Server databases 10 Microsoft Windows Installer command-line options for silent installation 51 MSI properties for View Transfer Server 77 properties for replicated View Connection Server 46 properties for security server 50 properties for View Client 103 properties for View Connection Server 42 uninstalling View Components silently 52 multimedia redirection (MMR) 21
R
RDP 20 remote display protocols HP RGS 20 PCoIP 19 RDP 20 replicated instances installing 43 installing silently 45 network requirements 9 silent installation properties 46 Restricted Groups policy, configuring 25 RGS 20 root certificates adding to the Enterprise NTAuth store 28 adding to trusted roots 27
O
ODBC connecting to Oracle 11g or 10g 35 connecting to Oracle 9i 36 connecting to SQL Server 31 openssl utility adding to the system path 80 configuring a certificate for View Transfer Server 86 creating a CSR 84 Oracle 10g, creating a View Composer database with a script 34 Oracle 10g database adding an ODBC data source 35 adding for View Composer 32 configuring a database user 34
S
security servers calculating TCB hash table size 66 configuring a pairing password 46 configuring an external URL 61 configuring to use a certificate 85 installer file 47
106
VMware, Inc.
Index
installing silently 49 modifying an external URL 62 silent installation properties 50 silent installation group policies to allow installation 75, 101 replicated instances 45 security servers 49 View Client 101, 102 View Client with Local Mode 102 View Connection Server 41 View Transfer Server 75, 76 sizing Windows Server settings calculating ephemeral ports 64 calculation worksheets 67 increasing ephemeral ports 63, 64 increasing the JVM heap size 68 increasing the TCB hash table size 67 smart card authentication Active Directory preparation 26 requirements 21 UPNs for smart card users 27 software requirements, server components 7 SQL Server database adding an ODBC data source 31 adding for View Composer 30 preparing for event database 90 SQL Server databases 10 SQL Server Management Studio Express, installing 30 SSL configuring for client connections 87 configuring for View Transfer Server communications 88 SSL certificates, See certificates storetype property 85 streaming multimedia 21 support, online and telephone 5 Sysprep, requirements for View Composer 11 system page file size, Windows Server 69
transmission control block how View uses 65 increasing size for non-security servers 66 increasing size for security servers 66 trust relationships, configuring for View Connection Server 23 Trusted Root Certification Authorities policy 27
U
uninstalling View components 52 UPNs smart card users 27 View Client 94 View Client on Mac OS X 98 View Client with Local Mode 94 USB printers 101 user accounts requirements 53 vCenter Server 24, 53 View Composer 25, 53 userPrincipalName attribute 27
V
vCenter Server configuring for View Composer 38 creating a user for local mode 53 installing the View Composer service 36 user accounts 24, 53 vCenter Server instances, adding in View Administrator 57 vCenter Server user local mode privileges 56 vCenter Server privileges 55 View Composer privileges 55 View Administrator logging in 56 overview 56 requirements 9 View Agent, installation requirements 15 View Client installation overview 93 installing on a Windows PC or laptop 93 installing on Mac OS X 97 installing silently on a Windows PC or laptop 101, 102 silent installation properties 103 starting 93, 94, 98 supported operating systems 16 using View Portal to install 96 View Client with Local Mode group policies for silent installation 101 supported operating systems 16 View clients, configuring connections 60 View components, command-line options for silent installation 51
T
TCB hash table how View uses 65 increasing size for non-security servers 66 increasing size for security servers 66 increasing size on a Windows Server computer 67 TCP ports View Connection Server 43 View Transfer Server 75 technical support and education 5 ThinPrint setup 100 Transfer Server repository, configuring 74
VMware, Inc.
107
View Composer, database requirements 10 View Composer configuration creating a user account 25 creating a vCenter Server user 24, 53 privileges for the vCenter Server user 55 settings in View Administrator 59 View Composer database ODBC data source for Oracle 11g or 10g 35 ODBC data source for Oracle 9i 36 ODBC data source for SQL Server 31 Oracle 11g and 10g 32 Oracle 9i 32, 33 requirements 29 SQL Server 30 View Composer infrastructure configuring vSphere 38 optimizing 38 testing DNS resolution 38 View Composer installation installer file 36 overview 29 requirements overview 9 virtualization software requirements 11 View Composer upgrade compatibility with vCenter Server versions 10 operating system requirements 10 requirements overview 9 View Connection Server, hardware requirements 7 View Connection Server configuration client connections 60 event database 89, 90 external URL 61, 62 first time 56 overview 39 replacing the default certificate 79 server certificate 85 sizing Windows Server settings 63 system page file size 69 trust relationships 23 View Connection Server installation installation types 39 network configuration 9 overview 39 prerequisites 39 product license key 57 replicated instances 43 requirements overview 7 security servers 47 silent 41 silent installation properties 42 single server 40
supported operating systems 8 virtualization software requirements 9 View desktops, configuring direct connections 60 View Portal, browser requirements 18 View Secure Gateway Server component, increasing the JVM heap size 69 View Transfer Server configuration adding an instance 73 Transfer Server repository 74 View Transfer Server installation group policies for silent installation 75 installer file 71 overview 71 requirements overview 12 silent 75, 76 silent installation properties 77 storage requirements 13 supported operating systems 13 virtual machine requirements 12 virtual printing feature 100 vSphere, configuring for View Composer 38
W
Web browser requirements 9, 18 Windows 7 requirements, local mode desktops 16 Windows computers, installing View Client 93 Windows Server, system page file size 69 worksheets, calculating ephemeral ports and TCB has table size 67 Wyse MMR 21
108
VMware, Inc.